Controller and resource management system and method with improved security for independently controlling and managing a computer system

ABSTRACT

A controller and resource management system and method with improved security for independently controlling and managing a computer system is provided. Control, management and security protection is provided while functioning: conceptually, logically, functionally, operatively, physically and electrically independent of computer system resources, including processors. All computer system resources, including processors are operatively dependent on the present invention; processors do not execute operating system instructions. Data transferred between the computer system and processors is communicable through the controller and resource management system for improved security. The present invention comprising: Buffer memory, BIOS, device drivers, event handler, system security, scheduler, memory manager, I/O controller, configuration manager, independent watchdog timer and networking interfaces. One method whereby the invention is implemented in hardware for improved security is provided; another method whereby information is communicable between multiple controller and resource management systems, or micronodes©, independently of computer system resources, including processors is also provided.

BACKGROUND OF INVENTION

This invention relates generally to operating systems and security for computer systems and more specifically to a controller and resource management (CARMS)© system and method with improved security for independently controlling a computer system.

There exists a real and vital need for increased security in computer systems and the operating systems that attempt to control them. The rapid growth in the availability and demand for applications such as business networking, online transactions, email, instant and text messaging, high-performance video, music, real-time playback, content-on-demand and many more applications has placed extreme security demands on the operating system and shared system resources of prior art computer systems. High-speed broadband communications such as DSL, cable, wireless and satellite have led to increases in unauthorized accesses to shared system resources.

Existing computer systems are inherently incapable of providing sufficient security since the operating system that attempts to control and manage the processor exists as processor instructions; instructions that are functionally and operationally dependent on the same processor for their existence. The security problem is fundamental: the processor must execute instructions in order for the operating system to exist; the operating system must exist to control the very same processor that executes the instructions that are responsible for its existence . . . and round and round we go. This invention addresses the fundamental security problems that are responsible for data corruption in existing systems by presenting a new paradigm for computer systems: computer systems with an independently functioning and operating controller and resource management system and method, providing vital system-level security for the computer system.

In order to execute processor program instructions, prior art computer systems are operationally and functionally dependent upon shared system resources including: operating system, application program, application program interface (API), API message buffer memory, device drivers and anti-virus/anti-hacker/anti-spam instructions. Prior art computer systems cannot separate the function and operation of the processor and operating system since both are mutually dependent upon each other in order to remain functionally operational.

Prior art systems are limited in their ability to identify and prevent unauthorized access and corruption of the shared system resources since the processor, memory and operating system are operatively and functionally linked together. Sharing system memory leaves prior art systems vulnerable to unauthorized accesses into application programs and operating system instructions. These unauthorized accesses lead to application errors, operating system instability, system lockups or persistent corruption of system resources. Furthermore, prior art operating systems and processors provide mutual and binding control over each other; the operating system attempts to control the processor, while the processor executes operating system instructions necessary for the operating system to control the very same processor. Problems are inevitable since the operating system and processor actually control each other; those skilled in the art will recognize that prior art operating systems do not independently provide control over the processor since it is impossible for the operating system to operate without having the processor execute instructions necessary for the operating system to exist; the processor must execute software to allow the operating system to attempt to control the very same processor, all the while sharing the same memory space. Does this make sense to Bill? No.

Prior art operating systems and computer systems are typically provided with a single watchdog timer to monitor the health and operation of both the processor and operating system. Since both are mutually dependent on one another for their function and operation, adding a second watchdog timer will provide only marginal benefits. The present invention adds a second independent watchdog timer in addition to the watchdog timer used in prior art. Prior art watchdog timers are used for monitoring the health and operation of the processor whereas the present watchdog timer is used specifically for the purposes of monitoring the health and operation of the present invention controller and resource management system. This watchdog timer operates physically, functionally and operationally independent of the prior art watchdog timer used to monitor the health and operation of the processor.

Prior art computer systems use the processor to execute application programs in order to provide the messaging and higher-layer communication necessary for communicating between local or remote computer systems. The present invention allows direct and independent communication between separate present invention controllers and resource management systems via local or remote networking; the processors are not required to be networked together since the present invention controllers and resource management systems themselves are now directly networked together; locally and remotely.

Prior art operating systems and computer systems require the processor and processor memory to allocate a portion of their operational and functional resources, as well as a portion of their physical resources and memory space to the task of executing operating system instructions. The present invention relieves the processor and processor memory of this task since the present invention controller and resource management system now operates conceptually, physically, functionally and operationally independent of the processor and processor memory. The processor and processor memory are provided with increased resources and memory space allowing for an increase in overall computer system performance.

SUMMARY OF THE INVENTION

Prior art operating systems and computer systems require the processor, processor memory and operating system to be physically, operatively, functionally and electrically coupled together, whereas the present invention controller and resource management system operates conceptually, physically, operatively, functionally and electrically independent of the processor, processor memory and processor program instructions. Prior art computing systems make it difficult to determine whether or not the operating system is controlling the processor or if the processor is controlling the operating system; in reality, both processor and operating system are mutually dependent on each other for functional operation. Those skilled in the art will recognize that the present invention provides the means for conceptually, physically, operatively, functionally and electrically independently controlling and managing all computer system resources, including the processor. The present invention controller and resource management system becomes the centralized controlling and managing function for the entire computer system, including processor and shared system memory. Whereas prior art computer systems regarded the processor as the central processing unit (CPU), the present invention provides independent control over the processor, handling it like any other decentralized resource within the computer system. The computer system is now fully capable of performing certain tasks such as interfacing with users of the system and communicating between a plurality of computer systems independently of the processor and processor program instructions.

The present invention provides increased reliability, stability and security protection over prior art since the controlling function (present invention controller and resource management system) for the entire computer system has been physically, operatively, functionally and electrically separated from the processor and application program memory. This provides a more stable, reliable and secure environment for the controller and resource management system, processor, application programs and entire computer system while also providing the processor and processor memory with increased resources and memory space, allowing them to provide an increase in overall computer system performance. The present invention provides a new paradigm for operating systems, computer systems and communicating between systems by physically, functionally, operationally and electrically separating the present invention controller and resource management system from the processor, processor memory and application programs.

Prior art computer systems use their shared processor memory for executing a plurality of processor program instructions including: operating system, application program, application program interface (API) and API message buffer instructions, device drivers as well as tasks specific to providing security protection such as anti-virus, anti-spam and anti-hacker programs. The present invention provides a controller and resource management system having the functional equivalent of prior art software-based operating systems without requiring the processor to execute instructions necessary for the controlling and managing system to function. The only instructions the processor must execute are those related to the task of communicating with the controller and resource management system via the bi-directional application program interface (API) messaging buffer memory. The API buffer memory and messaging queues used for communication between processor and controller and resource management system are now located in the controller and resource management system and are no longer located in shared processor memory as in prior art computer systems.

Prior art operating systems and computer systems require the processor and processor memory to allocate a portion of their operational and functional resources, as well as a portion of their physical resources and memory space to the task of executing operating system instructions. The present invention relieves the processor and processor memory of this task since the present invention controller and resource management system now operates physically, functionally and operationally independent of the processor and processor memory. The processor and processor memory are provided with increased resources and memory space that allow them to provide an increase in overall computer system performance.

In one embodiment the present invention controller and resource management system provides functions for interfacing with a plurality of bi-directional serial data Input/Outputs (I/Os) for interfacing a plurality of external I/Os to the computer system; a subset of these I/Os are used to provide direct and independent communication between separate controllers and resource management systems via local or remote networks. Since the controller and resource management systems themselves are now locally and remotely networked together, the processors are free to dedicate their bandwidth to application programs, resulting in increased performance. In addition, a second watchdog timer is provided specifically for monitoring the health and operation of the present invention controller and resource management system. This watchdog timer operates physically and operationally independent of the prior art watchdog timer used to monitor the health and operation of the processor.

In another embodiment the present invention controller and resource management system includes functions for configuring the computer system, interfacing to computer system devices via device drivers, booting the computer system and a function for secure processing of the bi-directional serial Input/Output (I/Os) of the computer system. In an alternate embodiment the present invention controller and resource management system is implemented in hardware demonstrated in three examples including: time division multiplexing (TDM), simple state machine and an implementation consisting of a weighted round-robin embodiment. Those skilled in the art having the benefit of these implementation descriptions will be able to construct a controller and resource management system with improved security for independently controlling a computer system. Those skilled in the art will recognize that other implementations exist.

Advantages

The present invention has a number of significant advantages and improvements over prior art operating systems and computer systems.

Prior art computer systems require the operating system, application program interface (API) buffer memory and computer system security to operate conceptually, physically, functionally, operationally and electrically dependent on the centralized processor, processor memory, processor watchdog timer, processor software application programs and program data. The present invention provides a computer system wherein the controller and resource management system, application program interface (API) buffer memory, additional controller and resource management system watchdog timer and computer system security provide centralized computer system functions that operate mutually exclusive and conceptually, physically, functionally, operationally and electrically independent of the now decentralized processor and its associated software.

Prior art operating systems are implemented in software as program instructions executed by the processor out of memory that is shared with: general application programs, data storage, application program interface (API) instructions, API buffer memory, BIOS and device drivers and also security protection such as anti-virus/anti-hacker/anti-spam programs. Sharing processor and memory leaves the operating system unprotected and susceptible to corruption and other problems caused by unauthorized access to the shared memory space. The present invention solves these problems by protecting the controller and resource management system from application programming errors and unauthorized access to shared memory space since the operating system no longer resides in the same memory as the application programs. Reliability, stability and security are improved over prior art since the controlling function (controller and resource management system) for the computer system has been conceptually, physically, functionally, operationally and electrically separated from the processor, processor memory and application programs. Another embodiment is presented wherein the controller and resource management system is implemented in hardware devices for providing increased security over prior art software operating systems since the controlling function (controller and resource management system) cannot be corrupted by application programming errors or unauthorized access into shared processor memory; prior art operating systems and application programs are routinely corrupted in this manner.

Prior art computer systems cannot electrically isolate their operating system from the processor or shared memory since the physical and electrical bond is inherent in the design (the operating system is actually instructions executed by the processor in shared memory). Electrical disturbances or failures in the processor, computer system or other functions will mutually affect the operating system. In one embodiment, the present invention solves this problem by implementing all interfaces between the controller and resource management system and computer system via bi-directional optical paths whereby the controller and resource management system operates electrically independent and electrically isolated from the processor and all computer system functions. This method provides electrical isolation between the processor, computer system and the controlling function (controller and resource management system) system. This provides increased security protection over prior art since the controller and resource management system is now electrically isolated and immune from mutual electrical disturbances and failures. This also allows for a plurality of processors or computer systems to securely communicate and interoperate via an electrically isolated controller and resource management system.

Prior art computer systems implement application program interfaces (APIs) buffer memory in shared memory space. This leaves the buffers unprotected and susceptible to corruption and other problems caused by application programming errors and unauthorized access to shared processor memory space. The present invention solves these problems by protecting the controller and resource management system and API buffer memory from application programming errors and unauthorized access to shared memory space since the controller and resource management system and API buffer memory no longer reside in shared memory. The API buffer memory and messaging queues used for communication between processor and prior art operating systems are located in the independent controller and resource management system and not in shared memory. This provides increased reliability, stability and security protection over prior art since the controlling function (controller and resource management system) and the API buffer memory have been conceptually, physically, functionally, operationally and electrically separated from the shared memory and application programs. In addition, another embodiment is presented wherein the controller and resource management system and these functions are implemented in hardware devices, providing even greater security.

Prior art computer systems route the computer system interrupts and events generated by the plurality of computer system resources to the processor. Prior art processors receive an interrupt or event, save their status and then context switch to another process via an interrupt service routine (ISR) and software operating system. This leaves the computer system, processor, software operating system and application software unprotected and susceptible to corruption. The present invention solves this problem by first routing the interrupts and events through the present invention controller and management system prior to coupling to the processor. All interrupts and events are therefore forced to go through the present invention system security function providing improved system security over prior art computer systems.
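The routing described above (event, event handler, system security function, then notification through API buffer memory held by the controller rather than in shared processor memory), modelled in software as an added example; it is not code from the patent. The structure names, queue depth, payload size and per-source policy bitmask are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model: every name, size and the policy format below is an
 * assumption for illustration, not taken from the patent text. */
enum source  { SRC_KEYBOARD, SRC_DISK, SRC_LAN, SRC_COUNT };
enum verdict { EV_FORWARDED, EV_BLOCKED_POLICY, EV_BLOCKED_MALFORMED, EV_DROPPED_FULL };

#define MAX_PAYLOAD 32
#define QUEUE_SLOTS 4
#define MAX_TYPE    32

struct event {
    uint8_t source;
    uint8_t type;
    uint8_t len;
    uint8_t payload[MAX_PAYLOAD];
};

/* Controller-owned state. The processor side never touches these fields;
 * it only calls processor_receive(). */
struct controller {
    uint32_t allowed[SRC_COUNT];      /* bit t set: source may raise event type t */
    struct event queue[QUEUE_SLOTS];  /* API buffer memory, held by the controller */
    unsigned head, count;
    unsigned rejected;                /* events stopped before reaching the processor */
};

void controller_init(struct controller *c)
{
    memset(c, 0, sizeof *c);          /* empty policy table means default deny */
}

void controller_allow(struct controller *c, enum source s, unsigned type)
{
    if ((unsigned)s < SRC_COUNT && type < MAX_TYPE)
        c->allowed[s] |= (uint32_t)1 << type;
}

/* Event handler plus security function: validate the event, check policy,
 * and only then copy it into the queue the processor reads from. */
enum verdict controller_submit(struct controller *c, unsigned source,
                               unsigned type, const uint8_t *data, size_t len)
{
    if (source >= SRC_COUNT || type >= MAX_TYPE || len > MAX_PAYLOAD ||
        (len > 0 && data == NULL)) {
        c->rejected++;
        return EV_BLOCKED_MALFORMED;
    }
    if (!(c->allowed[source] & ((uint32_t)1 << type))) {
        c->rejected++;
        return EV_BLOCKED_POLICY;
    }
    if (c->count == QUEUE_SLOTS) {
        c->rejected++;
        return EV_DROPPED_FULL;
    }
    struct event *slot = &c->queue[(c->head + c->count) % QUEUE_SLOTS];
    memset(slot, 0, sizeof *slot);    /* no stale bytes leak into the new message */
    slot->source = (uint8_t)source;
    slot->type = (uint8_t)type;
    slot->len = (uint8_t)len;
    if (len > 0)
        memcpy(slot->payload, data, len);
    c->count++;
    return EV_FORWARDED;
}

/* Processor side: receives a copy of the oldest vetted event, or 0 if none. */
int processor_receive(struct controller *c, struct event *out)
{
    if (c->count == 0)
        return 0;
    *out = c->queue[c->head];
    c->head = (c->head + 1) % QUEUE_SLOTS;
    c->count--;
    return 1;
}

int main(void)
{
    struct controller c;
    struct event e;
    const uint8_t key[] = { 0x41 };   /* constructed sample payload */

    controller_init(&c);
    controller_allow(&c, SRC_KEYBOARD, 1);

    printf("keyboard type 1: %d\n", controller_submit(&c, SRC_KEYBOARD, 1, key, sizeof key));
    printf("lan type 1:      %d\n", controller_submit(&c, SRC_LAN, 1, key, sizeof key));
    while (processor_receive(&c, &e))
        printf("processor got source=%u type=%u len=%u\n",
               (unsigned)e.source, (unsigned)e.type, (unsigned)e.len);
    printf("rejected: %u\n", c.rejected);
    return 0;
}
```
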

The present controller and resource management system requires less frequent and less intrusive updating than prior art operating systems. The present invention is updated by reprogramming the hardware whereas prior art computer systems must download new software into shared memory with the processor executing download instructions in memory that is shared by application programs. The present invention provides increased security over prior art since the updates to the controller and resource management system and security software cannot be altered by unauthorized access or corrupted by application programming errors. The process of updating programs is less intrusive than updating prior art programs in shared processor memory and is also less frequent due to the inherent reliability, stability and protection offered by the implementation of the present controller and resource management system in upgradeable hardware.

The performance of application programs is increased since the processor has more available bandwidth now that it is no longer involved in executing operating system instructions. Processor bandwidth and resources are now available for other tasks not normally associated with the executing of operating system program instructions. Those skilled in the art will recognize that processor memory space is conserved and bandwidth is increased since the application programs are no longer required to share their memory with the operating system program instructions as in prior art computer systems.

The performance of application programs can be increased by providing the ability to dynamically download one of at least three different controller and resource management systems depending on the applications to be executed by the processor. A particular application may perform better using the state-machine version of the controller and resource management system while another application may exhibit better performance using the time division multiplexed (TDM) or weighted round-robin versions. Those skilled in the art will recognize that other implementations may exist including a combination of the three implementations mentioned above.

The descriptions herein are exemplary rather than limiting in nature. Variations and modifications to the disclosed examples may become apparent to those skilled in the art that do not necessarily depart from the essence of this invention. The scope of legal protection given to this invention can only be determined by studying the claims herein.

OBJECTS OF THE INVENTION

It is an object of the invention to provide a controller and resourcemanagement system and method with improved security for independentlycontrolling a computer system.

It is an object of the invention to provide a controller and resourcemanagement system and method with improved security for independentlycontrolling a computer system wherein the processor, processor memoryand computer system software are functioning operatively dependent onthe present invention.

It is an object of the invention to provide a controller and resourcemanagement system and method with improved security for independentlycontrolling a computer system wherein the processor, processor memoryand computer system software are functionally dependent on the presentinvention.

It is an object of the invention to provide a controller and resourcemanagement system and method with improved security for independentlycontrolling a computer system wherein the processor is controlled andmanaged by the operatively independent present invention.

It is an object of the invention to provide a controller and resourcemanagement system and method with improved security for independentlycontrolling a computer system wherein the present invention isfunctioning conceptually independent of the processor, processor memoryand computer system software.

It is an object of the invention to provide a controller and resourcemanagement system and method with improved security for independentlycontrolling a computer system wherein the present invention isfunctioning logically independent of the processor, processor memory andcomputer system software.

It is an object of the invention to provide a controller and resourcemanagement system and method with improved security for independentlycontrolling a computer system wherein the present invention isfunctionally independent of the processor, processor memory and computersystem software.

It is an object of the invention to provide a controller and resourcemanagement system and method with improved security for independentlycontrolling a computer system wherein the present invention isfunctioning operatively independent of the processor, processor memoryand computer system software.

It is an object of the invention in certain embodiments herein toprovide a controller and resource management system and method withimproved security for independently controlling a computer systemwherein the present invention is functioning physically independent ofthe processor, processor memory and computer system software.

It is an object of the invention in certain embodiments herein toprovide a controller and resource management system and method withimproved security for independently controlling a computer systemwherein the present invention is functioning electrically independent ofthe processor, processor memory and computer system software.

It is an object of the invention to provide a controller and resourcemanagement system and method with improved security for independentlycontrolling a computer system wherein the controller and resourcemanagement system comprises at least: one event manager, onemanager/scheduler, bidirectional application program interface (API)buffer memory, a bidirectional processor interface to the API buffermemory and at least one bidirectional interface for the computer system.

It is an object of the invention to provide a controller and resourcemanagement system and method with improved security for independentlycontrolling a computer system wherein the controller and resourcemanagement system and processor are communicably coupled.

It is an object of the invention to provide a controller and resourcemanagement system and method with improved security for independentlycontrolling a computer system wherein the controller and resourcemanagement system is implemented in hardware or firmware.

It is an object of the invention to provide a controller and resource management system and method with improved security for independently controlling a computer system wherein all processor data including application programs, application program interface (API) messaging and user data are communicably transferred through the operationally independent present invention controller and resource management system for the purposes of providing improved security for the computer system.

It is an object of the invention to provide a controller and resource management system and method with improved security for independently controlling a computer system wherein a plurality of controller and resource management systems within a single computer system can be operatively and communicably coupled together independently of the processors, processor memory and computer system software.

It is an object of the invention to provide a controller and resource management system and method with improved security for independently controlling a computer system wherein a plurality of controller and resource management systems residing in separate computer systems can be operatively and communicably coupled together via local area networks (LANs) or wide area networks (WANs) independently of the processors, processor memory and computer system software.

It is an object of the invention to provide a controller and resource management system and method with improved security for independently controlling a computer system wherein a plurality of processors, processor memory and computer system software are communicably connected through the present invention controller and resource management system.

It is an object of the invention to provide a controller and resource management system and method with improved security for independently controlling a computer system having security improvements for application programs executed by the processor.

It is an object of the invention to provide a controller and resource management system and method with improved security for independently controlling a computer system having performance improvements for application programs executed by the processor.

It is an object of the invention to provide a controller and resource management system and method with improved security for independently controlling a computer system having functions for: configuring devices, booting the computer system, providing security protection for the computer system, supporting email, supporting instant messaging, supporting internet communications and I/O for the computer system including PCI, disc, audio, video, keyboard and LAN and WAN network connections and data transfers.

It is an object of the invention to provide a controller and resource management system and method with improved security for independently controlling a computer system wherein a second independent watchdog timer is provided for monitoring the health and operation of the controller and resource management system for improved failure detection over prior art computer systems.

It is an object of the invention to provide a controller and resource management system and method with improved security for independently controlling a computer system requiring less frequent updates or patches than prior art.

It is an object of the invention to provide a controller and resource management system and method with improved security for independently controlling a computer system providing improvements in stability, reliability and security over prior art operating systems.

It is an object of the invention to provide a controller and resource management system and method with improved security for independently controlling a wireless computer system providing improvements in stability, reliability and security over prior art wireless computer systems.

It is an object of the invention to provide a controller and resource management system and method wherein all prior art processor interrupts are routed through the present invention controller and resource management system for providing improvements in stability, reliability and security over prior art computer systems.

Other and further objects of the invention will become apparent with an understanding of the following detailed description of the invention or upon employment of the invention in practice.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a Venn diagram highlighting the (conceptual, logical, functional, operational, physical and electrical) mutually inclusive and dependent plurality of computer system resources and functions within prior art computer systems.

FIG. 2 is a Venn diagram highlighting the (conceptual, logical, functional, operational, physical and electrical) mutually exclusive, operatively and functionally independent controller and resource management system and method of the present invention comprising one embodiment of the present invention.

FIG. 3 is a Venn diagram comprising the same functions illustrated in FIG. 2, and also having a watchdog timer; functioning and operating independently of the plurality of computer system resources.

FIG. 4 is a Venn diagram comprising the same functions illustrated in FIG. 3, and also having a system security function; operating and functioning independently of the processor.

FIG. 5 is a Venn diagram comprising the same functions illustrated in FIG. 4, and also having a memory controller hub function; operating and functioning independently of the processor.

FIG. 6 is a Venn diagram comprising the same functions illustrated in FIG. 5, and also having an I/O controller hub function with device drivers and BIOS; operating and functioning independently of the processor.

FIG. 7 is a high level block diagram of a computer system that provides the typical operating environment for prior art. This is a block diagram representation of the Venn diagram illustrated in FIG. 1.

FIG. 8 is a high level block diagram representing a computer system in which some aspects of the present invention are incorporated. This is a block diagram representation of the Venn diagram illustrated in FIG. 2.

FIG. 9 is a high level block diagram representing another embodiment of the present invention. This is a block diagram representation of the Venn diagram illustrated in FIG. 6.

FIG. 10 is a high level block diagram representing another embodiment of the present invention with the computer system having at least one processor coupled to local memory, hereinafter referred to as a processing function.

FIG. 11 is a high-level schematic representing a plurality of present inventions within the same computer system chassis, each separately communicably coupled to their own processing function; each separate pair coupled through the present invention to the same shared memory.

FIG. 12 is a high-level schematic representing a plurality of present inventions and processing functions communicably coupled through the present invention by a full mesh interconnect within the same computer system chassis. This interconnect may be electrical or optical.

FIG. 13 is a high-level schematic representing a plurality of present inventions, each within their own separate computer system chassis communicably coupled through the present invention by a full mesh local area network (LAN) or wide area network (WAN).

FIG. 14 is a high-level schematic representing a computer system wherein the present invention is electrically isolated from all other system functions and resources.

FIG. 15 is a high level block diagram representing one embodiment for the present invention.

FIG. 16 shows in more detail the communication and data path taken through the present invention starting with computer system events, through the event handler, then through the system security function and finally to the notification and alerting of computer system resources.

FIG. 17 is a high level flow diagram illustrating a method for the present invention using a state machine implementation.

FIG. 18 is a high level flow diagram illustrating a method for the present invention using a weighted round robin implementation.

FIG. 19 is a high level flow diagram illustrating a method for the present invention using a time division multiplexing (TDM) implementation.

FIG. 20 shows one embodiment where the improvements and advantages of the present invention are used for wireless communication for products such as wireless cellphones, wireless personal digital assistants (PDAs) or wireless portable computers such as laptop personal computers.

DETAILED DESCRIPTION OF THE INVENTION

This invention relates generally to a controller and resource management system and method for computer systems that provides equivalent functionality and increased reliability, stability, security protection and performance over prior art operating systems and prior art computer systems.

FIG. 1 is a Venn diagram highlighting the (conceptual, logical, functional, operational, physical and electrical) mutually inclusive and dependent functions and resources within prior art computer systems. The Venn diagram clearly illustrates the prior art operating system and API buffer memory 1 functioning and operating mutually inclusive 2 and (conceptually, logically, functionally, operationally, physically, and electrically) dependent on the processors, processor memory and processor program instructions 3. Those skilled in the art will realize that application errors, corruption and unauthorized accesses to these mutually coupled functions and resources routinely lead to mutual and dependent errors, system instability, decreased reliability, decreased security protection and decreased system performance; these undesirable conditions may also lead to persistent system corruption and failures.

FIGS. 2-6 are Venn diagrams highlighting the (conceptual, logical, functional, operational, physical and electrical) mutually exclusive and independent functions and resources comprising five embodiments of the present invention. The Venn diagrams clearly illustrate the present invention providing control, management and security protection for the entire computer system; functioning and operating mutually exclusive and (conceptually, logically, functionally, operationally, physically, and electrically) independent of the processors, processor memory and processor program instructions. In FIG. 2 one embodiment of the present invention comprising at least a computer system event handler and computer system manager/resource scheduler and bidirectional application program interface (API) buffer memories has been (conceptually, logically, functionally, operationally, physically, and electrically) separated 1 from the processor, processor memory, processor watchdog, application programs, program data, system software, device drivers and BIOS 3. The absence of mutually inclusive region 2 from FIGS. 2-6 clearly illustrates the separation and independence of prior art functions and resources 3, 8 and 13 from present invention function and resources 1, 4, 7, 10 and 12. Those skilled in the art will realize that application errors, memory leaks, viruses, hardware failures, unauthorized accesses and other forms of corruption that affected prior art operating systems and API buffer memories can no longer affect the present invention. One skilled in the art will realize that the aforementioned improvements described for FIG. 2 will also apply to FIGS. 3-6. Additional improvements are provided by the present invention since more system memory is now available for application programs and data storage and the performance of application programs has improved since the processor is no longer required to execute the prior art operating system instructions or security program instructions. The separation of prior art computer system functions and resources provided by the present invention provides increased reliability, stability, security protection and performance over prior art operating systems and computer systems.

FIG. 3 illustrates in Venn diagram format the addition of an independently functioning and operating watchdog timer function 5 provided to independently monitor the health of the present invention. The additional watchdog timer has been provided to reduce the likelihood of common-mode failures within the computer system while increasing the computer system's ability to detect and isolate failures. One skilled in the art will realize that it is impossible to duplicate the present invention watchdog timer in prior art computer systems since prior art operating systems are inherently common-mode systems; it is impossible to conceptually, logically, functionally, operationally, physically, or electrically separate the prior art operating system from the rest of the functions and resources of the prior art computer system shown in the overlapping region 2 of FIG. 1.

A system security function 6 has been added to the present invention in FIG. 4 to independently interrogate system data for signs of unauthorized access attempts into the computer system. All data coming from, or going to, the processor (including program code downloads) will be interrogated and assigned a type identifier label and security level identifier label by this function. Those skilled in the art will realize the improvement gained by checking data before it gets to the processor, processor memory, application code, API buffer memory, program data or even the security programs of prior art. Additionally, the present invention provides data verification that is performed by an independent function other than the processor as in prior art systems. This security function also interrogates information from other system I/Os for unauthorized access attempts to the computer system. This function provides the capability to check data in either direction (transmitted out of the computer system or received into the system). It can even check for unauthorized accesses via local interfaces such as the keyboard or mouse. The security function also has the ability to verify passwords, verify source addresses, and can even filter out any unauthorized writes into system memory based on a local vs. remote event; for instance the system might only allow writes to memory from a local source such as a secure keyboard.

FIG. 5 adds a memory controller hub 9; FIG. 6 adds a basic input output system (BIOS) 11 and I/O controller hub 11. The addition of these key functions permits the present invention to interrogate and filter all data coming or going from the computer system. This allows the present invention to check data at any point in the system. The memory controller hub is a key function allowing data coming and going from shared system memory to be interrogated and filtered where most unauthorized accesses and corruption are likely to occur. The I/O controller is an important addition since it allows checking of the computer system inputs for unauthorized access before the data can make its way too deep into the computer system where it can cause more serious problems to the entire computer system. The BIOS will allow flexibility in the booting of the system and device configuration. The entire computer system is more adaptable to security threats and can dynamically alter the configuration of devices depending upon the current or expected security threat level for the system. Those skilled in the art will realize the improvement offered by checking data before it gets too deep into the system as well as checking at shared memory and dynamically adapting to varying levels of security threats.

Referring to FIG. 7, a high level block diagram of a computer system that provides the typical operating environment for prior art is shown. The computer system consisting of mutual and dependent functions and resources 2 shown as: processor 15, operating system 19, API buffer memory 20, basic input output system (BIOS) with device drivers 21, system security protection 6, processor memory 14, application programs 26, program data 27, processor watchdog timer 28 and shared system bus 23. The functions that will become independent by virtue of incorporation into the present invention 18 are shaded for illustrative purposes only.

At startup the BIOS with device drivers 21 will boot the system and allow the processor 15 to begin loading and executing the prior art operating system 19. Those skilled in the art will realize that the processor is required to load and execute the instructions necessary for the prior art operating system to functionally operate. The processor's control over the prior art operating system is represented by arrow 16. The operating system is therefore dependent on the processor for its functional operation. The operating system, as a well-designed operating system should, attempts to control the processor as represented by arrow 17. Control arrows 16 and 17 help to illustrate the fact that the processor is therefore dependent on the operating system for its functional operation. As illustrated, prior art operating systems 19 used for providing control, management and security protection 22 for the entire computer system are mutually inclusive and conceptually, physically, functionally, operationally and electrically dependent on the processors 15, processor memory 14 and software 25-27. It should be noted that in the next drawing, FIG. 8, control arrow 16 is conspicuously missing; it's no longer needed once we separate the function of the present invention from the prior art processor. Control arrow 17 remains in FIG. 8 since this arrow denotes the independent control that the present invention has over the processor. Even arrow 17 is dropped in later drawings since it's assumed that those skilled in the art will realize that the present invention's control over the processor happens to occur in-band as a result of bi-directional messaging in application program interface (API) path 40, or alternately via secure interrupts to the processor 100.

Those skilled in the art will recognize that application errors, corruption and unauthorized accesses to these mutually coupled functions and resources 2 routinely lead to mutual and dependent errors, system instability, decreased reliability, decreased security protection and decreased system performance; these undesirable conditions may also lead to persistent system corruption and failures. Also shown are general computer system resources such as the memory controller hub 9 used by the processor and other system resources to arbitrate for access to the shared system bus 23 and shared system resources 2; it is also used for high-speed interconnect of the video I/O 38 and Gigabit Ethernet (GbE) interfaces 37 to the computer system and shared system resources such as bus 23, shared processor and memory 2 and shared PCI bus resources 33. The Input/Output (I/O) controller 36 is used to interface with devices 29-35 consisting of: keyboard, mouse, PCI bus, serial Input/Output (SIO), Universal Serial Bus (USB), voice coders-decoders (CODECs) and Local Area Networks (LANs). Those skilled in the art will realize that the heavily shared systems resources 2, 23, 33 quickly become bottlenecks that decrease system performance.

Referring to FIG. 8, a high level block diagram representation of the Venn diagram used in FIG. 2 to illustrate the first embodiment of the present invention is presented. The computer system shown consists of mutual and dependent functions 2 and resources as shown. The separate processor 15 and memory 14 of previous FIG. 7 have been combined in FIG. 8 as 43 to denote the processing function consisting of processor and memory operatively coupled. Also shown are application programs 26, program data 27, processor watchdog timer 28 and shared system bus 23. In the present system, the prior art operating system 19 and application program interface (API) buffer memory 20 have been incorporated into a single functional block 1 representing one embodiment of the present invention. As can be seen from the drawing, the prior art operating system 19 has conceptually, physically, functionally and operationally been separated from the shared system resources 2; these functions now operate independently of the processor and shared system resources 2. At startup the BIOS with device drivers 21 will boot the system and allow the processing function 43 to begin loading and executing application programs 26, without having to first load and execute the prior art operating system instructions as required in prior art computer systems. Those skilled in the art will realize that the processing function is no longer required to load and execute the instructions necessary for the prior art operating system 19 to functionally operate. The processor's control over the operating system has been eliminated (arrow 16 is no longer necessary). The operating system is therefore no longer dependent on the processor for its functional operation. The operating system is now able to independently control the processor as represented by arrow 17. The processor is therefore dependent on the operating system for its functional operation. As illustrated, the present invention 1 provides control and management for the entire computer system and is mutually exclusive and conceptually, physically, functionally and operationally independent of the processing function 43 and software 25-27. Those skilled in the art will recognize that application errors, corruption and unauthorized accesses to these mutually coupled functions and resources 2 cannot affect the stability, reliability, security protection, performance or functional operation of the present invention 1. Another benefit provided by the present invention is the increase in memory space and system performance as depicted by 84.

Also shown in FIG. 8, the path taken 40 by the processor in the prior art block diagram of FIG. 7 has been drastically altered. The processor was able to get at the memory controller hub directly in prior art designs. As can be seen from FIG. 8, the processor is forced to go through the present invention in order to get to the memory controller hub as before. This is denoted by splitting the single arrow 40 of FIG. 7 into three separate arrows 40 depicted in FIG. 8. This is intentional by design since in alternate embodiments the processor will be forced to go through the security function of the present invention. The general computer system resources such as the memory controller hub 9 used by the processor and other system resources to arbitrate for access to the shared system bus 23 and shared system resources 2 are also shown along with high-speed video interconnect 38 and Gigabit Ethernet (GbE) interface 37 and PCI bus resources 33. Interfaces 41 and 42 have been added to our present invention 1. Interfaces 41 are used to operatively and communicably couple separate present invention controller and resource management systems together that reside in the same computer system. Interfaces 42 are used to operatively and communicably couple separate present invention controller and resource management systems together that happen to be in separate computer systems. Interfaces 41 and 42 provide the computer systems a means to directly couple present invention controller and resource management systems together independent of the processing function. This provides improvements in security and reliability over prior art systems that instead couple the processors together, leaving the entire computer system, processor, prior art operating system and application programs vulnerable to corruption. Since the controlling and managing function for the entire computer system is now independently controlling the entire computer system, it just makes sense to tie the controlling functions together directly rather than going through the processing function. This is impossible to do with prior art systems since the operating system and processing function are mutually dependent functions.

FIG. 9 is one embodiment for the present invention showing a high level block diagram representing a computer system in which most aspects of the present invention are incorporated; alternately this block diagram can be used to represent another embodiment of a personal computer system. The computer system consisting of mutual and dependent functions 2 and resources shown as: processing function 43, application programs 26, program data 27, processor watchdog timer 28 and shared system bus 23. In the embodiment 12, the system scheduler and manager 19, API buffer memory 20, basic input output system (BIOS) with device drivers 21 and system security 6 have been conceptually, physically, functionally and operationally separated from the shared system resources 2; these functions now operate independently of the processor and shared system resources 2. At startup the BIOS and device drivers 21 will boot the system and allow the processing function 43 to begin loading and executing application programs 26, without having to first load and execute operating system instructions as required in prior art computer systems. Those skilled in the art will realize that the processing function is no longer required to load and execute the instructions necessary for the present invention 12 to functionally operate. The processor's control over the operating system has been eliminated. The operating system is no longer dependent on the processor for its functional operation. The present invention controller and resource management system is now able to independently control the processor in-band of the API path as shown by 40, or alternately out-of-band using the secure interrupts 100. The processor is therefore dependent on the present invention controller and resource management system for its functional operation. As illustrated, the present invention 12 with scheduler/manager 19 provides control, management and security for the entire computer system. This function is mutually exclusive and conceptually, physically, functionally and operationally independent of the processing function 43. Those skilled in the art will recognize that application errors, corruption and unauthorized accesses to these mutually coupled functions and resources 2 cannot affect the stability, reliability, security protection, performance or functional operation of the present invention 12. Another benefit provided by the present invention is the increase in memory space and system performance as depicted by 25.

As also shown in FIG. 9, the present invention 12 incorporates the memory controller hub 9 used in prior art systems to arbitrate for access into shared memory. Also incorporated into the present invention 12 is the Input/Output (I/O) controller 36 used to interface with devices consisting of: keyboard 35, mouse 34, PCI bus 33, serial Input/Output (SIO) 32, Universal Serial Bus (USB) 31, voice coders-decoders (CODECs) 30 and Local Area Networks (LANs) 29. Those skilled in the art will realize that the shared systems resources 2, 23 are no longer bottlenecks that decrease system performance since the functions incorporated by the present invention require far less bandwidth from shared resources since the processor has more memory space and operational bandwidth by virtue of the fact that it is no longer required to execute operating system, BIOS buffer or security code. Incorporating all of the computer system control into the present invention 12 allows those skilled in the art to produce computer systems that are less expensive, consume less power, are smaller, lighter, more reliable, more secure, more stable and higher performance when compared to prior art computer systems. Bi-directional interfaces 41 provide a means for communicating and interoperating with a plurality of controller and resource management systems located within the same computer system as depicted in FIG. 12. Bi-directional interfaces 42 provide a means for communicating and interoperating with a plurality of controller and resource management systems located remotely and networked via local area network (LAN) or wide area network (WAN) networks as depicted in FIG. 14.

FIG. 10 shows more detail of processing function 43 comprised of processor 15 and local processor memory 14, which are operatively and communicably coupled to the present invention 85 through bidirectional interface 40 and secure interrupts 100. The processor is required to use this path for downloading new code, booting and communicating with the remaining functions and resources of the computer system. Internal data path 48 is shown for completeness assuming most processors have on-board memory. Computer system events 71 will prompt communication between the present invention and the processor through bidirectional interface 40 or secure interrupts 100. Data path 40 is used for both data and in-band messaging by both the processor and present invention. The processor will execute an API call to the present invention as it does for prior art computer systems when the API buffer memory is located in internal or local memory space. The present invention will respond to the processor's request for service based on a prioritized scheduling algorithm executing in 19. Alternately the controller and resource management system can send secure interrupts to the processor where the processor will respond by saving context and vectoring to another process via an interrupt service routine (ISR) and the aforementioned API buffer memory. The present invention controller and resource management system treats the processor just like any other resource in the computer system; the processor is no longer in control of the situation. This works out well since the centralized controlling and managing function for the entire computer system should be in control of every interface, every function and every system resource.

FIG. 11 shows a plurality (four in this case) of controller and resource management systems 12 within the same computer system operatively coupled to shared system memory via memory interface 23. The controller and resource management systems 12 are shown coupled to processing functions 43 as depicted previously in FIG. 10. This arrangement is unique since the controller and resource management systems are directly coupled to the shared resource and not the processors as in prior art systems. Since the controlling functions are directly coupled together, all data must pass through the system security function provided by the controller and resource management systems.

Referring to FIG. 12, bi-directional interfaces 41 provide a means for a plurality of present inventions 12 to directly communicate and interoperate within the same computer system 49; four controller and resource management systems are shown connected together in a full mesh. Prior art requires the communication and interoperability to occur between processors, not operating systems. Path 41 allows the present invention controller and resource management system to communicate independently of processing function 43. Those skilled in the art will realize the advantages of directly connecting the controlling and managing functions together. The present invention provides a more secure, stable and reliable means of interoperating than prior art. The present invention also provides increased communications and data throughput while exhibiting lower latency in security protection and policy decisions.

Referring to FIG. 13, bi-directional interfaces 42 provide a means for a plurality of present inventions 12, each within their own separate computer system chassis 49, to directly communicate and interoperate via a full mesh local area network (LAN) 29 or wide area network (WAN) 37; four controller and resource management systems 12 are shown connected together in a full mesh. Prior art requires the communication and interoperability to occur between processors, not operating systems. The present invention controller and resource management system independently controls and manages the processor and all computer system functions and resources. Those skilled in the art will realize the advantages of directly connecting the controlling and managing functions together. The present invention provides a more secure, stable and reliable means of interoperating than prior art. The present invention also provides increased communications and data throughput while exhibiting lower latency relative to processing security protection and policy decisions. When the full mesh computer system-to-computer system network of present FIG. 13 is combined with the internal computer system full mesh network of previous FIG. 12, one skilled in the art can only dream of all the various possibilities this unique technology has to offer. These highly intelligent and secure “micronodes©” start to look a lot like their older, but not wiser siblings, the “nodes” found in all LAN and WAN networks today. By assigning unique addresses to each micronode©, the combination of a local processing function with an intelligent and secure local controller and resource management system can be treated like any other LAN or WAN node. Entire networks can be created within the confines of an equipment rack due to the rapid increase in device integration. Since certain embodiments of the present invention have optical I/Os in the form of vertical cavity emitting lasers (VCELS), the micronodes© can be optically coupled to other micronodes© or even to remote nodes found in present day LAN and WAN networks. In one embodiment, FIG. 13 represents a plurality of communications computer systems coupled together via a full mesh network.

Referring to FIG. 14, a high-level schematic is shown representing a computer system wherein the present invention 12 is electrically isolated from all other system functions and resources internal and external to the computer system, including the processor and local processor memory 43. The present invention 12 is powered by the secondary output 52 of a source 51 isolated power supply. The secondary output of this supply 52 is used to exclusively power the present invention 12 and the present invention-side of the optical isolation devices 50. The computer system-side 40, 100, 23, 29-35, 37, 38, 41 and 42 of the isolation devices are powered by a separate computer system power supply that is electrically isolated from secondary output 52 of the present invention power supply. Optical isolation devices 50 provide bi-directional optical transmission and electrical isolation of all signals and data transferred between the present invention and the computer system interfaces: 15, 19, 8, 17, 18, 100 and 20. Those skilled in the art will realize that any additional interface signals required such as additional clocks will also have to be isolated by similar means. By electrically isolating the present invention from the rest of the computer system those skilled in the art can produce a more robust system that is less susceptible to the harmful effects of ESD as well as conducted and radiated EMI. This is one advantage and improvement that prior art systems will never be able to match since the functions that have been incorporated into the present invention are physically and electrically coupled in prior art systems and can never be electrically isolated by prior art systems. The present invention offers a unique solution to these problems that is impossible to duplicate with prior art systems since prior art operating systems are inherently coupled physically and electrically to the processing function.

FIGS. 15 and 16 show a high level block diagram representing one embodiment for present invention 12; a more detailed illustration for event and security handling is given in FIG. 16. The controller and resource management system event handler receiver buffer 67 receives and buffers a plurality of computer system events from interfaces 42, 41, 29-35, 37 or 38, the events are sent to the event handler 66 via 65 where the events are assigned a type identifier label 101 and security level identifier label 102; here the events are categorized and also prioritized based on the type identifier label and security level identifier labels. The computer system event data received from interfaces 42, 41, 29-35, 37 or 38 is buffered in receiver buffer 67 and takes a separate path 64 from the type identifier label and security level identifier labels 65 in order to provide hardware security protection 6 of all untrusted content data received. The identifiers are not required to pass thru the data interrogator/filter 103 since the identifiers are generated internally by 67 and are therefore viewed as inherently trusted content by the present invention. The data and identifiers are routed to the system security function 6 by the routing function 104. The received data is then interrogated by the system security function 6 (to determine whether it is from an unauthorized source, a suspect source or an authorized source), and further classified based on the results of this interrogation as well as the type and security level identifier labels assigned previously. The data is classified by 105 into at least three severity levels according to a predetermined level of security threat, tagging the data in 105 as “red” to denote unauthorized accesses, “yellow” to denote suspect accesses or “green” to denote authorized accesses. The “red” tagged data can trigger exception events such as storing the event in non-volatile memory, storing to disc, messaging the processor, interrupting the processor via secure interrupts 100, resetting the present invention or computer system or messaging another system resource 6. Yellow-tag data can be buffered for further interrogation by the present invention, the processor or some other system resource. Further interrogation of yellow-tag data will determine if it should ultimately be tagged “red” or “green”. Data can never remain yellow and must be dropped into the “red” bucket if no determination can be made within a timeout period. Data tagged as “green” can be immediately forwarded to its proper destination: system resources including the processor, system memory or another I/O interface; green-tag data can also be broadcast or multicast to a plurality of destinations. Yellow-tag data is buffered in the event port data buffers 67 while deciding its ultimate fate. Yellow tags can be sent through API buffer memory 20 and forwarded to the processor via 53, 45 and 40. Red-tag data is not buffered, the red-tag is sent directly from the security protection function 6 to the processor via 53, 45 and 40. Alternately yellow and red events may be logged in non-volatile memory, written to disc, sent out interfaces 42, 41, 29-35, 37, interrupt the processor via secure interrupts 100, or cause a watchdog timeout event. Green-tagged data is forwarded via 62 to the resource scheduler 19. The resource scheduler may be implemented as a state machine as shown in FIG. 17, a weighted round-robin machine as shown in FIG. 18 or a time division multiplexed machine as shown in FIG. 19. The resource scheduler prioritizes the green-tags and checks to see if the processor needs servicing or if a higher-priority task has been scheduled before scheduling the green-tag event. The scheduler can prioritize based on the importance of the pending process as in prior art computer systems, or it can prioritize based on the security threat level assigned to the computer system event for the pending process. The scheduler has an integral memory manager 39 that manages the shared memory resources via interface 23. The resource scheduler will forward all data to the appropriate interfaces such as 23, 40, 42, 41, 29-35 or 37. The present invention is also capable of broadcasting and multicasting as well as policing and rate matching various interfaces.
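
The red/yellow/green handling described above can be sketched in C as follows. This is an added example, not code from the patent: the per-source policy table, the buffer depth, the timeout value, the treatment of a full yellow buffer and all function names are assumptions; only the tagging rules (red is not buffered, yellow is held and must resolve or fall to red on timeout, green is forwarded) come from the text.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef enum { TAG_GREEN, TAG_YELLOW, TAG_RED } tag_t;
typedef enum { V_AUTHORIZED, V_SUSPECT, V_UNAUTHORIZED } verdict_t;

/* Event as it leaves the event handler. The two labels are generated
 * internally (trusted); the source is untrusted until interrogated. */
typedef struct {
    uint8_t  type_id;    /* type identifier label (101 in the text) */
    uint8_t  sec_level;  /* security level identifier label (102) */
    uint8_t  source;     /* constructed source id (assumption) */
    uint32_t arrival;    /* tick at which the event was received */
} event_t;

#define YELLOW_SLOTS   4   /* assumed depth of the yellow buffer */
#define YELLOW_TIMEOUT 10  /* assumed timeout, in ticks */

typedef struct {
    event_t  held[YELLOW_SLOTS];
    int      in_use[YELLOW_SLOTS];
    unsigned forwarded;  /* green events handed to the scheduler */
    unsigned alerts;     /* red events raised as exception events */
} secfn_t;

/* Assumed policy: one verdict per known source; unknown sources are suspect. */
static const verdict_t SOURCE_POLICY[] = { V_AUTHORIZED, V_SUSPECT, V_UNAUTHORIZED };

static verdict_t interrogate(const event_t *ev)
{
    size_t n = sizeof SOURCE_POLICY / sizeof SOURCE_POLICY[0];
    return ev->source < n ? SOURCE_POLICY[ev->source] : V_SUSPECT;
}

/* Tag one event and act on it; returns the tag it holds after the call. */
static tag_t sec_submit(secfn_t *s, const event_t *ev)
{
    switch (interrogate(ev)) {
    case V_AUTHORIZED:   s->forwarded++; return TAG_GREEN;
    case V_UNAUTHORIZED: s->alerts++;    return TAG_RED;   /* never buffered */
    case V_SUSPECT:
        for (int i = 0; i < YELLOW_SLOTS; i++) {
            if (!s->in_use[i]) {
                s->held[i] = *ev;
                s->in_use[i] = 1;
                return TAG_YELLOW;
            }
        }
        break;
    }
    s->alerts++;  /* assumption: a full yellow buffer fails closed to red */
    return TAG_RED;
}

/* Result of further interrogation of a held event. A verdict that is still
 * "suspect" leaves the event held, so the timeout keeps running. */
static tag_t sec_resolve(secfn_t *s, int slot, verdict_t v)
{
    if (slot < 0 || slot >= YELLOW_SLOTS || !s->in_use[slot])
        return TAG_RED;                  /* nothing held: nothing is released */
    if (v == V_SUSPECT)
        return TAG_YELLOW;
    s->in_use[slot] = 0;
    if (v == V_AUTHORIZED) { s->forwarded++; return TAG_GREEN; }
    s->alerts++;
    return TAG_RED;
}

/* Drop every yellow event older than the timeout into the red bucket. */
static unsigned sec_tick(secfn_t *s, uint32_t now)
{
    unsigned expired = 0;
    for (int i = 0; i < YELLOW_SLOTS; i++) {
        if (s->in_use[i] && now - s->held[i].arrival >= YELLOW_TIMEOUT) {
            s->in_use[i] = 0;
            s->alerts++;
            expired++;
        }
    }
    return expired;
}

typedef struct { unsigned forwarded, alerts, pending, expired; } trace_result_t;

static trace_result_t run_constructed_trace(void)
{
    static const event_t trace[] = {  /* constructed sample events */
        { 1, 0, 0, 0 },  /* authorized source   -> green          */
        { 1, 0, 2, 1 },  /* unauthorized source -> red            */
        { 2, 1, 1, 2 },  /* suspect source      -> yellow, slot 0 */
        { 2, 1, 9, 3 },  /* unknown source      -> yellow, slot 1 */
    };
    secfn_t s;
    trace_result_t r = { 0, 0, 0, 0 };
    memset(&s, 0, sizeof s);
    for (size_t i = 0; i < sizeof trace / sizeof trace[0]; i++)
        sec_submit(&s, &trace[i]);
    sec_resolve(&s, 0, V_AUTHORIZED);  /* slot 0 cleared by further checks */
    r.expired += sec_tick(&s, 5);      /* slot 1 is 2 ticks old: kept */
    r.expired += sec_tick(&s, 13);     /* slot 1 is 10 ticks old: falls to red */
    for (int i = 0; i < YELLOW_SLOTS; i++)
        r.pending += (unsigned)s.in_use[i];
    r.forwarded = s.forwarded;
    r.alerts = s.alerts;
    return r;
}

int main(void)
{
    trace_result_t r = run_constructed_trace();
    printf("forwarded=%u alerts=%u pending=%u expired=%u\n",
           r.forwarded, r.alerts, r.pending, r.expired);
    return 0;
}
```

The property worth checking in any implementation of this scheme is that no path leaves an event yellow indefinitely: every held event is either resolved or expired by `sec_tick`.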

External clocks are received on interfaces 90-92; an internal clock generator with integral phase lock loops (PLLs) 61 provides clocks at multiples or submultiples of the external clocks. The integral watchdog timer 5 is supplied with primary 93 and secondary 94 redundant clocks that are source-independent of each other, clocks 90-92 and all other system clocks including all processor clocks.

The present invention is provided with an integral watchdog timer 5 that functions independently of the processor and all other computer system functions, including functions internal to the present invention. The integral watchdog timer is provided as an operationally separate and independent monitor to augment the prior art processor watchdog timer. This watchdog is provided specifically to monitor the health of the present invention 12. This important function is unique to this invention since it is impossible for prior art to provide a watchdog timer specifically for the functions contained in the present invention since the processor and operating system within prior art systems are mutually dependent functions and cannot be monitored by separate and independent watchdogs. Failure of the present invention to “throw the dog a bone” by refreshing the timeout will cause a timeout and resetting of the present invention and possibly the processor or entire computer system. The additional watchdog provides protection against catastrophic failures specific to the present invention and mitigates problems associated with single event, common-mode failures within prior art systems by providing a second, separate and independently operating watchdog unique to this invention.

The basic input output system (BIOS) with device drivers 21, the device configuration manager 44 and device configuration table 58 (alternately stored in external memory) are provided primarily for booting or updating the computer system via interfaces 23, 40, 42, 41, 29-35 or 37. The processor and shared system memory no longer have to get involved in booting or configuring the system, or interfacing with computer system resources via device drivers; no software is required. The invention is an improvement over prior art since booting will happen quicker and also be protected from unauthorized accesses, corruption or application program errors; our system is therefore more reliable, stable, secure and higher-performing when compared to prior art computer systems.

It is important to note that all data externally entering or exiting the computer system can be interrogated for unauthorized attempts to access system resources. Data entering the system should always be checked whereas data exiting the system need not always be checked. Furthermore, all program and user data transferred between the processing function and remaining resources and functions of the computer system is required to pass through the integral system security function of the present invention. Those skilled in the art will notice that the present invention can be considered the independently operating, centralized controlling, managing and security function for the entire computer system. Whereas the present invention has become the heartbeat for the entire computer system, the security function integral to the present invention has become the key centralized and vitally important function for the entire computer system. All data passing through the present invention, especially processor data, is ultimately subjected to rigorous interrogation by the integral system security function 6. The present invention improves upon prior art by providing a system-level security function that is conceptually, physically, functionally, operationally and electrically independent of all other functions and resources internal or external to the computer system (most importantly independent of the processing function). The present invention further improves upon prior art by providing an independently functioning and operating watchdog timer that exists only to protect the present invention from catastrophic failure events.

FIGS. 17, 18 and 19 have been included for completeness as reference only, with the exception of the system security function unique to the present invention. Those skilled in the art will have little difficulty producing the present invention with the information herein supplied. Many event/task scheduling methods exist in the public domain and it is understood that the referenced implementations should be used only as a rough guide to the manufacture of the present invention. FIG. 17 is a high level flow diagram illustrating a method for the present invention using a state machine implementation. FIG. 18 is a high level flow diagram illustrating a method for the present invention using a weighted round-robin implementation. FIG. 19 is a high level flow diagram illustrating a method for the present invention using a time division multiplexing (TDM) implementation.

FIG. 17: The state machine version illustrates a simple event handler and resource scheduler with security protection that represents the simplest form of the present invention that would be used primarily for single-user systems with only a handful of tasks or threads running at any given time. The operation begins following a power on reset or watchdog timeout event 68; the system initiates a computer system boot and configures all computer system devices via device drivers 69 before entering an idle state 70; the system performs low priority background tasks in the idle state. When the system recognizes a new computer system event 71 either by receiving an interrupt, by polling system status registers, by receiving a new message from a computer system resource or by some other means, it will immediately invoke the integral system security function 72 where received data is filtered and reviewed for unauthorized access to the system. The data is then tagged as “red”, “yellow” or “green” whereby red denotes an unauthorized access attempt; yellow denotes suspect data and green denotes an authorized access. Data tagged as red may prompt the system into sending an alert message to the processor, sending a secure interrupt to the processor 100, sending an alert message to a system interface or may initiate a timeout of the integral watchdog timer. The action taken by the system is based on a set of dynamic rules that are configured by the user or system administrator. These rules may be influenced by such factors as type of system, security protection threshold, source of data, priority of data, frequency of unauthorized attempts and many other factors. Data tagged as yellow is buffered and further interrogated based on a set of dynamic rules that are configured by the user or system administrator. If the received data is tagged green then the application program interface (API) buffer memory is interrogated in state 73 to find out whether or not the processor is waiting to perform a higher-priority process or higher security level process than the current process. Based on this information, the event scheduler and resource manager 74 will control and manage the events and transfer of data for the entire computer system. Once the present invention has determined what to do next, the data will be forwarded to the processor via API buffer memory interface 40 or to the integral memory manager buffers on its way to shared system memory 23. The data can also be broadcast or multicast out a plurality of interfaces including 29-35, 37, 38, 41 or 42. Once the current process is complete the system will look for the next process to execute 75. If nothing is found 76 the system revisits the idle state 70. If the system finds something to do 86 it will immediately enter the system security state 72 to begin filtering and reviewing data for unauthorized accesses to the system.

FIG. 18: The weighted round-robin implementation illustrates a more sophisticated event handler and resource scheduler with system security protection. The weighted round-robin version is similar to the state machine previously described with the exception of the following functions: 78, 79 and 80. This version allows multiple processes to be prioritized and weighted according to system security protection level, user preferences, interface, data type or any number of priority categories 79. Multiple processes are handled “round-robin” with each receiving service in an endless chain based on dynamic weighting of priorities 78, 79. This version offers more flexibility and granularity to the event handler and resource managers for making scheduling and resource usage decisions. The weighting applied to the multiple processes can be applied based on a fairness algorithm as well.

FIG. 19: The Time Division Multiplexing (TDM) version is similar to the state machine previously described with the exception of the following functions: 81, 82 and 83. The TDM version evaluates each of the multiple processes 81 and then dynamically allocates a time period to each of the multiple processes 82 representing a portion, or time period of the overall system bandwidth 83. This type of system might be beneficial when dealing with multimedia applications involving real-time audio and video processing.

FIG. 20 shows one embodiment where the improvements and advantages of the present invention are used for wireless communication for products such as wireless cellphones, wireless personal digital assistants (PDAs) or wireless portable computers such as laptop personal computers. The security advantages of the present invention are clearly illustrated in this embodiment. Computer system events 71 caused by keypad entry 35 or wireless received data 107, received from antenna 106 are received and stored in the receiver buffer 67. The local keyboard event and data 35, as well as the reception of remote wireless data 106 will both follow the secure path through the present invention as described previously herein. Only secure and trusted data will be stored in system memory. Only secure and trusted data will make it out to the video 38 and audio 30 user interfaces. Data tagged as “yellow” or “red” will prompt the system security notifier and alert function to inform system resources of the security threat received from the keypad 35 or the wireless received data 107. Wireless communication is particularly susceptible to unauthorized access by untrusted content. The present invention addresses that problem in this embodiment.

A variety of implementations can be used in combination or dynamically swapped by replacing an existing implementation with a new version by dynamically loading the new version into the present invention from non-volatile memory. Those skilled in the art will realize that commonality exists in the three implementations previously described; this of course lends itself to reuse of system functions (modules) and provides the additional benefit of having the inherent capabilities of merging the best of all three designs into one single combination of the three. The combination of the aforementioned event handlers and resource schedulers is the preferred embodiment for providing ultimate performance for a given set of computer system applications while also providing efficient reuse of design functions. These implementations are presented as a guide to those skilled in the art and are not intended to limit in any manner whatsoever the construction of the present invention.

Those skilled in the art will realize that an example of a fully functional computer system operating independently of the processor and processor instructions can be demonstrated using the embodiment 12 of the present invention in conjunction with high level flow diagrams of FIGS. 17-19. The present invention 12 will begin initial operations after receiving a power on reset event 68; the functions primarily responsible for booting the computer system and configuring the computer system devices are functions: clocks 61, BIOS and device drivers 21, device configuration table 58 and device configuration manager 44 (keeping in mind that other functions of the present invention 12 are required to support the booting and configuring operations; they are also required to execute low priority background tasks.) Once booting and configuring are complete, the present invention 12 is now prepared to respond to computer system events 71, initiated on interfaces 23, 40, 29-35, 37, 38, 41 or 42 consisting of: interrupts, received messages or state changes in status buffers. Let's say that we happen to receive an interrupt from keyboard interface 35 indicating that a local user of the computer system has input a text message to be sent out another interface 29; the present invention must also send this very same message to the user interface (video monitor) 38. The event handlers 66, 67 along with the resource scheduler 19 and system security function 6 will categorize the keyboard event and proceed to place a “red”, “yellow” or “green” tag to the event. Let's assume the keyboard event gets a “green” tag; since keyboard entries are very slow events that are buffered, the present invention may want to finish off some background processes 70 while waiting for the high-water threshold of the keyboard buffer before starting to service the keyboard buffer. When the system has determined that it is time to service the keyboard it will forward all data to the system security function 22 via keyboard interface 35, I/O controller hub 36 and internal bus 47. Each keystroke is interrogated by the system security function 6 in order to flag unauthorized attempts to access computer system resources via the keyboard interface 35. Let's assume that a complete text message was entered and some of the data has been flagged “very-bright-red”, (a certain four keys were mischievously pressed). Our system security protection can choose not to display these four keys back to the user via the video monitor. The remaining “green-flagged” data will be displayed on the video monitor. Meanwhile the data has been temporarily buffered in computer system memory 25 via memory controller 39 and memory interface 23. If the present invention detects a button “click” event on mouse I/F 34 it may respond by retrieving the stored data from memory 25 via memory I/F 23 and memory controller 39. The present invention can also choose to re-verify the data using the system security function 6 depending on how “aged” the data is. Since the data was assigned type and security level identifier labels when previously stored in computer system memory 25, those identifiers can now be read in order to determine the proper destination(s) for the data. The data can now be forwarded to any computer system interface, as well as broadcast or multicast out multiple interfaces if need be. Let's assume that this text message is intended to be sent to a local printer, to a friend on a local area network (LAN) 29, to a video game executing as another process on this same computer system and also to a text-to-speech interface just for fun (it's good that we were able to previously filter those four mischievous keys just in case the volume is cranked up on the text-to-speech audio interface 30). The present invention is fully capable of broadcasting, (or more likely in this case multicasting) to multiple destinations. In this example we have already sent the keyed data to the user interface via 38; it can now be multicast to the local printer attached to either serial input/output (SIO) 32 interface or universal serial bus (USB) 31. The data is also multicast to local area network (LAN) interface 29 via layer-2 media access controller (MAC) 46 integrated into I/O controller hub 36; the “friend” receives the eagerly awaited text message (sans the missing four keys); meanwhile the text-to-speech message has been sent out coder/decoder (CODEC) interface 30 for the long awaited audio announcement (again, sans four key letters). This example is intended to highlight some of the unique functions and features integral to this invention: system-level events can take place independently of the computer system processor, multi-level security is available at every interface and in every direction within the present invention, data can be multicast or broadcast out multiple computer system interfaces.

While the present invention has been described with reference to the specific embodiments thereof, it should be understood by those skilled in the art that various changes may be made and equivalents may be substituted without departing from the true spirit and scope of the invention. In addition, many modifications may be made to adapt a particular situation, material, composition of matter, process, process step or steps, to the objective, spirit and scope of the present invention. All such modifications are intended to be within the scope of the claims appended hereto.

1. In a computer system having a plurality of computer system resources, a controller and resource management system and method for controlling and managing said plurality of computer system resources, said computer system comprising: said controller and resource management system; said plurality of computer system resources; wherein said plurality of computer system resources are operatively dependent on said controller and resource management system, and wherein said controller and resource management system is operatively and functionally independent of said plurality of computer system resources.
 2. The controller and resource management system of claim 1 wherein said computer system is a wireless communicating device such as a cellphone.
 3. The controller and resource management system of claim 1 wherein said computer system is a portable computer such as a hand-held personal digital assistant (PDA) or laptop personal computer.
 4. The controller and resource management system of claim 1 wherein said computer system is a personal computer.
 5. The controller and resource management system of claim 1 wherein said computer system is a communications server.
 6. In a computer system having a plurality of computer system resources, a controller and resource management system and method for controlling and managing said plurality of computer system resources, said computer system comprising: said controller and resource management system; said plurality of computer system resources; wherein said plurality of computer system resources are operatively dependent on said controller and resource management system, and wherein said controller and resource management system is operatively and functionally independent of said plurality of computer system resources, and wherein said controller and resource management system is therein implemented in hardware or firmware.
 7. The controller and resource management system of claim 6 wherein said computer system is a wireless communicating device such as a cellphone.
 8. The controller and resource management system of claim 6 wherein said computer system is a portable computer such as a hand-held personal digital assistant (PDA) or laptop personal computer.
 9. The controller and resource management system of claim 6 wherein said computer system is a personal computer.
 10. The controller and resource management system of claim 6 wherein said computer system is a communications server.
 11. In a computer system having a plurality of computer system resources, a controller and resource management system and method for controlling and managing said plurality of computer system resources, said computer system comprising: said controller and resource management system; said plurality of computer system resources; wherein said plurality of computer system resources are operatively dependent on said controller and resource management system, and wherein said controller and resource management system is operatively and functionally independent of said plurality of computer system resources, and wherein said controller and resource management system is therein implemented in hardware or firmware electrically isolated from said plurality of computer system resources.
 12. The controller and resource management system of claim 11 wherein said computer system is a wireless communicating device such as a cellphone.
 13. The controller and resource management system of claim 11 wherein said computer system is a portable computer such as a hand-held personal digital assistant (PDA) or laptop personal computer.
 14. The controller and resource management system of claim 11 wherein said computer system is a personal computer.
 15. The controller and resource management system of claim 11 wherein said computer system is a communications server.
 16. In a computer system having a plurality of computer system resources, a controller and resource management system and method for controlling and managing said plurality of computer system resources, and handling a plurality of computer system events, said computer system comprising: said controller and resource management system; said plurality of computer system resources; wherein said plurality of computer system resources are operatively dependent on said controller and resource management system, and wherein said controller and resource management system is operatively and functionally independent of said plurality of computer system resources, said controller and resource management system comprising at least: a system security function for notifying and alerting said plurality of computer system resources of said plurality of computer system events; an event handler for assigning a type identifier label and security level identifier label to said plurality of computer system events, said event handler comprising: a receiver and buffer for receiving said plurality of computer system events; a type identifier function coupled to said receiver and buffer for identifying the type of said plurality of computer system events and assigning a type identifier label to said plurality of computer system events; a security identifier function coupled to said type identifier function for identifying the security level of said plurality of computer system events and assigning a security level identifier label to said plurality of computer system events; and a routing function coupled to said security identifier function and further coupled to said system security function for routing said plurality of computer system events with their assigned said type identifier label and said security level identifier label to said system security function based on said event handlers determination of said type identifier and said security level identifier for received said plurality of computer system events; wherein said method comprising: a method for receiving, identifying, routing, storing, notifying and alerting said plurality of computer system resources of said plurality of computer system events, wherein said plurality of computer system events are received into said receiver and buffer, said plurality of computer system events are sent to said type identifier function for identifying and labeling the type of said plurality of computer system events, said plurality of computer system events with said type identifier label are then sent to said security identifier function for identifying and labeling the security level of said plurality of computer system events, said plurality of computer system events with said type identifier label and said security level identifier label are routed by said routing function to said system security function based on said type identifier label and said security level identifier label assigned for said plurality of computer system events, said system security function storing said plurality of computer system events with said type identifier label and said security level identifier label and further notifying and alerting said plurality of computer system resources of said type and said security level assigned to said plurality of computer system events.
 17. The controller and resource management system of claim 16 wherein said computer system is a wireless communicating device such as a cellphone.
 18. The controller and resource management system of claim 16 wherein said computer system is a portable computer such as a hand-held personal digital assistant (PDA) or laptop personal computer.
 19. The controller and resource management system of claim 16 wherein said computer system is a personal computer.
 20. The controller and resource management system of claim 16 wherein said computer system is a communications server.
 21. In a computer system having a plurality of computer system resources, a controller and resource management system and method for controlling and managing said plurality of computer system resources, and handling a plurality of computer system events, said computer system comprising: said controller and resource management system; said plurality of computer system resources; wherein said plurality of computer system resources are operatively dependent on said controller and resource management system, and wherein said controller and resource management system is operatively and functionally independent of said plurality of computer system resources, and wherein said controller and resource management system is therein implemented in hardware or firmware, said controller and resource management system comprising at least: a system security function for notifying and alerting said plurality of computer system resources of said plurality of computer system events; an event handler for assigning a type identifier label and security level identifier label to said plurality of computer system events, said event handler comprising; a receiver and buffer for receiving said plurality of computer system events; a type identifier function coupled to said receiver and buffer for identifying the type of said plurality of computer system events and assigning a type identifier label to said plurality of computer system events; a security identifier function coupled to said type identifier function for identifying the security level of said plurality of computer system events and assigning a security level identifier label to said plurality of computer system events; and a routing function coupled to said security identifier function and further coupled to said system security function for routing said plurality of computer system events with their assigned said type identifier label and said security level identifier label to said system security function based on said event handlers determination of said type identifier and said security level identifier for received said plurality of computer system events; wherein said method comprising: a method for receiving, identifying, routing, storing, notifying and alerting said plurality of computer system resources of said plurality of computer system events, wherein said plurality of computer system events are received into said receiver and buffer, said plurality of computer system events are sent to said type identifier function for identifying and labeling the type of said plurality of computer system events, said plurality of computer system events with said type identifier label are then sent to said security identifier function for identifying and labeling the security level of said plurality of computer system events, said plurality of computer system events with said type identifier label and said security level identifier label are routed by said routing function to said system security function based on said type identifier label and said security level identifier label assigned for said plurality of computer system events, said system security function storing said plurality of computer system events with said type identifier label and said security level identifier label and further notifying and alerting said plurality of computer system resources of said type and said security level assigned to said plurality of computer system events.
 22. The controller and resource management system of claim 21 wherein said computer system is a wireless communicating device such as a cellphone.
 23. The controller and resource management system of claim 21 wherein said computer system is a portable computer such as a hand-held personal digital assistant (PDA) or laptop personal computer.
 24. The controller and resource management system of claim 21 wherein said computer system is a personal computer.
 25. The controller and resource management system of claim 21 wherein said computer system is a communications server.
 26. In acomputer system having a plurality of computer system resources, acontroller and resource management system and method for controlling andmanaging said plurality of computer system resources, and handling aplurality of computer system events, said computer system comprising:said controller and resource management system; said plurality ofcomputer system resources; wherein said plurality of computer systemresources are operatively dependent on said controller and resourcemanagement system, and wherein said controller and resource managementsystem is operatively and functionally independent of said plurality ofcomputer system resources, and wherein said controller and resourcemanagement system is therein implemented in hardware or firmwareelectrically isolated from said plurality of computer system resources,said controller and resource management system comprising at least: asystem security function for notifying and alerting said plurality ofcomputer system resources of said plurality of computer system events;an event handler for assigning a type identifier label and securitylevel label to said plurality of computer system events, said eventhandler comprising; a receiver and buffer for receiving said pluralityof computer system events; a type identifier function coupled to saidreceiver and buffer for identifying the type of said plurality ofcomputer system events and assigning a type identifier label to saidplurality of computer system events; a security identifier functioncoupled to said type identifier function for identifying the securitylevel of said plurality of computer system events and assigning asecurity level identifier label to said plurality of computer systemevents; and a routing function coupled to said security identifierfunction and further coupled to said system security function forrouting said plurality of computer system events with their assignedsaid type identifier label and said security level identifier label tosaid system security 
function based on said event handlers determinationof said type identifier and said security level identifier for receivedsaid plurality of computer system events; wherein said methodcomprising: a method for receiving, identifying, routing, storing,notifying and alerting said plurality of computer system resources ofsaid plurality of computer system events, wherein said plurality ofcomputer system events are received into said receiver and buffer, saidplurality of computer system events are sent to said type identifierfunction for identifying and labeling the type of said plurality ofcomputer system events, said plurality of computer system events withsaid type identifier label are then sent to said security identifierfunction for identifying and labeling the security level of saidplurality of computer system events, said plurality of computer systemevents with said type identifier label and said security levelidentifier label are routed by said routing function to said systemsecurity function based on said type identifier label and said securitylevel identifier label assigned for said plurality of computer systemevents, said system security function storing said plurality of computersystem events with said type identifier label and said security levelidentifier label and further notifying and alerting said plurality ofcomputer system resources of said type and said security level assignedto said plurality of computer system events.
 27. The controller and resource management system of claim 26 wherein said computer system is a wireless communicating device such as a cellphone.
 28. The controller and resource management system of claim 26 wherein said computer system is a portable computer such as a hand-held personal digital assistant (PDA) or laptop personal computer.
 29. The controller and resource management system of claim 26 wherein said computer system is a personal computer.
 30. The controller and resource management system of claim 26 wherein said computer system is a communications server.
 31. In a computer system having a plurality of computer system resources, a controller and resource management system and method for controlling and managing said plurality of computer system resources, and handling a plurality of computer system events, said computer system comprising: said controller and resource management system; said plurality of computer system resources; wherein said plurality of computer system resources are operatively dependent on said controller and resource management system, and wherein said controller and resource management system is operatively and functionally independent of said plurality of computer system resources, said controller and resource management system comprising at least: an event handler for receiving said plurality of computer system events and further assigning a type identifier label and security level identifier label to said plurality of computer system events; a system security function coupled to said event handler for notifying and alerting said plurality of computer system resources of said plurality of computer system events; said system security function operatively and functionally independent of said plurality of computer system resources; a watchdog timer function for independently monitoring the health and operation of said controller and resource management system; said watchdog timer operatively and functionally independent of said plurality of computer system resources; a plurality of bidirectional Input/Output (I/O) interfaces providing a means for direct coupling between a plurality of said controller and resource management systems, said direct coupling operatively and functionally independent of said plurality of computer system resources.
 32. In a computer system having a plurality of computer system resources, a controller and resource management system and method for controlling and managing said plurality of computer system resources, and handling a plurality of computer system events, said computer system comprising: said controller and resource management system; said plurality of computer system resources; wherein said plurality of computer system resources are operatively dependent on said controller and resource management system, and wherein said controller and resource management system is operatively and functionally independent of said plurality of computer system resources, said controller and resource management system comprising at least: an event handler for receiving said plurality of computer system events and further assigning a type identifier label and security level identifier label to said plurality of computer system events; a system security function coupled to said event handler for notifying and alerting said plurality of computer system resources of said plurality of computer system events; said system security function operatively and functionally independent of said plurality of computer system resources; a watchdog timer function for independently monitoring the health and operation of said controller and resource management system; said watchdog timer operatively and functionally independent of said plurality of computer system resources; a plurality of bidirectional Input/Output (I/O) interfaces providing a means for direct coupling between a plurality of said controller and resource management systems, said direct coupling operatively and functionally independent of said plurality of computer system resources; wherein said event handler comprising at least: an event handler for assigning a type identifier label and security level identifier label to said plurality of computer system events, said event handler comprising; a receiver and buffer for receiving said plurality of computer system events; a type identifier function coupled to said receiver and buffer for identifying the type of said plurality of computer system events and assigning a type identifier label to said plurality of computer system events; a security identifier function coupled to said type identifier function for identifying the security level of said plurality of computer system events and assigning a security level identifier label to said plurality of computer system events; and a routing function coupled to said security identifier function and further coupled to said system security function for routing said plurality of computer system events with their assigned said type identifier label and said security level identifier label to said system security function based on said event handlers determination of said type identifier and said security level identifier for received said plurality of computer system events; wherein said method comprising: a method for receiving, identifying, routing, storing, notifying and alerting said plurality of computer system resources of said plurality of computer system events, wherein said plurality of computer system events are received into said receiver and buffer, said plurality of computer system events are sent to said type identifier function for identifying and labeling the type of said plurality of computer system events, said plurality of computer system events with said type identifier label are then sent to said security identifier function for identifying and labeling the security level of said plurality of computer system events, said plurality of computer system events with said type identifier label and said security level identifier label are routed by said routing function to said system security function based on said type identifier label and said security level identifier label assigned for said plurality of computer system events, said system security function storing said plurality of computer system events with said type identifier label and said security level identifier label and notifying and alerting said plurality of computer system resources of said type and said security level assigned to said plurality of computer system events, and wherein said system security function storing said plurality of computer system events with said type identifier label and said security level identifier label and notifying and alerting said plurality of controller and resource management systems of said type and said security level assigned to said plurality of computer system events, said system security function notifying and alerting said plurality of controller and resource management systems using said plurality of bidirectional Input/Output (I/O) interfaces.
 33. The controller and resource management system of claim 32 wherein said computer system is a wireless communicating device such as a cellphone.
 34. The controller and resource management system of claim 32 wherein said computer system is a portable computer such as a hand-held personal digital assistant (PDA) or laptop personal computer.
 35. The controller and resource management system of claim 32 wherein said computer system is a personal computer.
 36. The controller and resource management system of claim 32 wherein said computer system is a communications server.
 37. In a computer system having a plurality of computer system resources, a controller and resource management system and method for controlling and managing said plurality of computer system resources, and handling a plurality of computer system events, said computer system comprising: said controller and resource management system; said plurality of computer system resources; wherein said plurality of computer system resources are operatively dependent on said controller and resource management system, and wherein said controller and resource management system is operatively and functionally independent of said plurality of computer system resources, and wherein said controller and resource management system is therein implemented in hardware or firmware, said controller and resource management system comprising at least: an event handler for receiving said plurality of computer system events and further assigning a type identifier label and security level identifier label to said plurality of computer system events; a system security function coupled to said event handler for notifying and alerting said plurality of computer system resources of said plurality of computer system events; said system security function operatively and functionally independent of said plurality of computer system resources; a watchdog timer function for independently monitoring the health and operation of said controller and resource management system; said watchdog timer operatively and functionally independent of said plurality of computer system resources; a plurality of bidirectional Input/Output (I/O) interfaces providing a means for direct coupling between a plurality of said controller and resource management systems, said direct coupling operatively and functionally independent of said plurality of computer system resources; wherein said event handler comprising at least: an event handler for assigning a type identifier label and security level identifier label to said plurality of computer system events, said event handler comprising; a receiver and buffer for receiving said plurality of computer system events; a type identifier function coupled to said receiver and buffer for identifying the type of said plurality of computer system events and assigning a type identifier label to said plurality of computer system events; a security identifier function coupled to said type identifier function for identifying the security level of said plurality of computer system events and assigning a security level identifier label to said plurality of computer system events; and a routing function coupled to said security identifier function and further coupled to said system security function for routing said plurality of computer system events with their assigned said type identifier label and said security level identifier label to said system security function based on said event handlers determination of said type identifier and said security level identifier for received said plurality of computer system events; wherein said method comprising: a method for receiving, identifying, routing, storing, notifying and alerting said plurality of computer system resources of said plurality of computer system events, wherein said plurality of computer system events are received into said receiver and buffer, said plurality of computer system events are sent to said type identifier function for identifying and labeling the type of said plurality of computer system events, said plurality of computer system events with said type identifier label are then sent to said security identifier function for identifying and labeling the security level of said plurality of computer system events, said plurality of computer system events with said type identifier label and said security level identifier label are routed by said routing function to said system security function based on said type identifier label and said security level identifier label assigned for said plurality of computer system events, said system security function storing said plurality of computer system events with said type identifier label and said security level identifier label and notifying and alerting said plurality of computer system resources of said type and said security level assigned to said plurality of computer system events, and wherein said system security function storing said plurality of computer system events with said type identifier label and said security level identifier label and notifying and alerting said plurality of controllers and resource managements of said type and said security level assigned to said plurality of computer system events, said system security function notifying and alerting said plurality of controller and resource management systems using said plurality of bidirectional Input/Output (I/O) interfaces.
 38. The controller and resource management system of claim 37 wherein said computer system is a wireless communicating device such as a cellphone.
 39. The controller and resource management system of claim 37 wherein said computer system is a portable computer such as a hand-held personal digital assistant (PDA) or laptop personal computer.
 40. The controller and resource management system of claim 37 wherein said computer system is a personal computer.
 41. The controller and resource management system of claim 37 wherein said computer system is a communications server.
 42. In a computer system having a plurality of computer system resources, a method for controlling and managing said plurality of computer system resources and handling a plurality of computer system events, said computer system comprising: said controller and resource management system; said plurality of computer system resources having at least one processor communicably coupled to said controller and resource management system; wherein said plurality of computer system resources are operatively dependent on said controller and resource management system, and wherein said controller and resource management system is operatively and functionally independent of said plurality of computer system resources, said controller and resource management system comprising at least: an event handler for receiving said plurality of computer system events and further assigning a type identifier label and security level identifier label to said plurality of computer system events; a system security function coupled to said event handler for notifying and alerting said plurality of computer system resources of said plurality of computer system events; said system security function operatively and functionally independent of said plurality of computer system resources; a watchdog timer function for independently monitoring the health and operation of said controller and resource management system; said watchdog timer operatively and functionally independent of said plurality of computer system resources; a plurality of bidirectional Input/Output (I/O) interfaces providing a means for direct coupling between a plurality of said controller and resource management systems, said direct coupling operatively and functionally independent of said plurality of computer system resources.
 43. The controller and resource management system of claim 42 wherein said computer system is a wireless communicating device such as a cellphone.
 44. The controller and resource management system of claim 42 wherein said computer system is a portable computer such as a hand-held personal digital assistant (PDA) or laptop personal computer.
 45. The controller and resource management system of claim 42 wherein said computer system is a personal computer.
 46. The controller and resource management system of claim 42 wherein said computer system is a communications server.
 47. In a computer system having a plurality of computer system resources, a controller and resource management system and method for controlling and managing said plurality of computer system resources, and handling a plurality of computer system events, said computer system comprising: said controller and resource management system; said plurality of computer system resources having at least one processor communicably coupled to said controller and resource management system; wherein said plurality of computer system resources are operatively dependent on said controller and resource management system, and wherein said controller and resource management system is operatively and functionally independent of said plurality of computer system resources, said controller and resource management system comprising at least: an event handler for receiving said plurality of computer system events and further assigning a type identifier label and security level identifier label to said plurality of computer system events; a system security function coupled to said event handler for notifying and alerting said plurality of computer system resources of said plurality of computer system events; said system security function operatively and functionally independent of said plurality of computer system resources; a watchdog timer function for independently monitoring the health and operation of said controller and resource management system; said watchdog timer operatively and functionally independent of said plurality of computer system resources; a plurality of bidirectional Input/Output (I/O) interfaces providing a means for direct coupling between a plurality of said controller and resource management systems, said direct coupling operatively and functionally independent of said plurality of computer system resources; a plurality of integral layer-2 media access controllers (MACS); wherein said event handler comprising at least: an event handler for assigning a type identifier label and security level identifier label to said plurality of computer system events, said event handler comprising; a receiver and buffer for receiving said plurality of computer system events; a type identifier function coupled to said receiver and buffer for identifying the type of said plurality of computer system events and assigning a type identifier label to said plurality of computer system events; a security identifier function coupled to said type identifier function for identifying the security level of said plurality of computer system events and assigning a security level identifier label to said plurality of computer system events; and a routing function coupled to said security identifier function and further coupled to said system security function for routing said plurality of computer system events with their assigned said type identifier label and said security level identifier label to said system security function based on said event handlers determination of said type identifier and said security level identifier for received said plurality of computer system events; wherein said method comprising: a method for receiving, identifying, routing, storing, notifying and alerting said plurality of computer system resources of said plurality of computer system events, wherein said plurality of computer system events are received into said receiver and buffer, said plurality of computer system events are sent to said type identifier function for identifying and labeling the type of said plurality of computer system events, said plurality of computer system events with said type identifier label are then sent to said security identifier function for identifying and labeling the security level of said plurality of computer system events, said plurality of computer system events with said type identifier label and said security level identifier label are routed by said routing function to said system security function based on said type identifier label and said security level identifier label assigned for said plurality of computer system events, said system security function storing said plurality of computer system events with said type identifier label and said security level identifier label and notifying and alerting said plurality of computer system resources of said type and said security level assigned to said plurality of computer system events, and wherein said system security function storing said plurality of computer system events with said type identifier label and said security level identifier label and notifying and alerting said plurality of controllers and resource managements of said type and said security level assigned to said plurality of computer system events, said system security function notifying and alerting said plurality of controller and resource management systems using said plurality of bidirectional Input/Output (I/O) interfaces.
 48. The controller and resource management system of claim 47 wherein said computer system is a wireless communicating device such as a cellphone.
 49. The controller and resource management system of claim 47 wherein said computer system is a portable computer such as a hand-held personal digital assistant (PDA) or laptop personal computer.
 50. The controller and resource management system of claim 47 wherein said computer system is a personal computer.
 51. The controller and resource management system of claim 47 wherein said computer system is a communications server.
 52. In a computer system having a plurality of computer system resources, a controller and resource management system and method for controlling and managing said plurality of computer system resources, and handling a plurality of computer system events, said computer system comprising: said controller and resource management system; said plurality of computer system resources having at least one processor communicably coupled to said controller and resource management system; wherein said plurality of computer system resources are operatively dependent on said controller and resource management system, and wherein said controller and resource management system is operatively and functionally independent of said plurality of computer system resources, said controller and resource management system comprising at least: an event handler for receiving said plurality of computer system events and further assigning a type identifier label and security level identifier label to said plurality of computer system events; a system security function coupled to said event handler for notifying and alerting said plurality of computer system resources of said plurality of computer system events; said system security function operatively and functionally independent of said plurality of computer system resources; a watchdog timer function for independently monitoring the health and operation of said controller and resource management system; said watchdog timer operatively and functionally independent of said plurality of computer system resources; a plurality of bidirectional Input/Output (I/O) interfaces providing a means for direct coupling between a plurality of said controller and resource management systems, said direct coupling operatively and functionally independent of said plurality of computer system resources; a plurality of integral layer-2 media access controllers (MACS); a manager and scheduler function for managing and scheduling the plurality of processes to be performed by said plurality of computer system resources; a priority handler function for evaluating and categorizing said plurality of processes to be performed by said plurality of computer system resources; a configuration and device driver function for configuring and controlling said plurality of computer system resources; a plurality of bidirectional Input/Output (I/O) interfaces for receiving and transmitting data between said plurality of computer system resources; a plurality of bidirectional memory buffers for providing buffing of data for said plurality of bidirectional Input/Output (I/O) interfaces; wherein said event handler comprising at least: an event handler for assigning a type identifier label and security level identifier label to said plurality of computer system events, said event handler comprising; a receiver and buffer for receiving said plurality of computer system events; a type identifier function coupled to said receiver and buffer for identifying the type of said plurality of computer system events and assigning a type identifier label to said plurality of computer system events; a security identifier function coupled to said type identifier function for identifying the security level of said plurality of computer system events and assigning a security level identifier label to said plurality of computer system events; and a routing function coupled to said security identifier function and further coupled to said system security function for routing said plurality of computer system events with their assigned said type identifier label and said security level identifier label to said system security function based on said event handlers determination of said type identifier and said security level identifier for received said plurality of computer system events; wherein said method comprising: a method for receiving, identifying, routing, storing, notifying and alerting said plurality of computer system resources of said plurality of computer system events, wherein said plurality of computer system events are received into said receiver and buffer, said plurality of computer system events are sent to said type identifier function for identifying and labeling the type of said plurality of computer system events, said plurality of computer system events with said type identifier label are then sent to said security identifier function for identifying and labeling the security level of said plurality of computer system events, said plurality of computer system events with said type identifier label and said security level identifier label are routed by said routing function to said system security function based on said type identifier label and said security level identifier label assigned for said plurality of computer system events, said system security function storing said plurality of computer system events with said type identifier label and said security level identifier label and notifying and alerting said plurality of computer system resources of said type and said security level assigned to said plurality of computer system events, and wherein said system security function storing said plurality of computer system events with said type identifier label and said security level identifier label and notifying and alerting said plurality of controller and resource management systems of said type and said security level assigned to said plurality of computer system events, said system security function notifying and alerting said plurality of controller and resource management systems using said plurality of bidirectional Input/Output (I/O) interfaces.
 53. The controller and resource management system of claim 52 wherein said computer system is a wireless communicating device such as a cellphone.
 54. The controller and resource management system of claim 52 wherein said computer system is a portable computer such as a hand-held personal digital assistant (PDA) or laptop personal computer.
 55. The controller and resource management system of claim 52 wherein said computer system is a personal computer.
 56. The controller and resource management system of claim 52 wherein said computer system is a communications server.
 57. In a computer system having a plurality of computer system resources, a controller and resource management system and method for controlling and managing said plurality of computer system resources, and handling a plurality of computer system events, said computer system comprising: said controller and resource management system; said plurality of computer system resources having at least one processor communicably coupled to said controller and resource management system; wherein said plurality of computer system resources are operatively dependent on said controller and resource management system, and wherein said controller and resource management system is operatively and functionally independent of said plurality of computer system resources, and wherein said controller and resource management system is therein implemented in hardware or firmware; said controller and resource management system comprising at least: an event handler for receiving said plurality of computer system events and further assigning a type identifier label and security level identifier label to said plurality of computer system events; a system security function coupled to said event handler for notifying and alerting said plurality of computer system resources of said plurality of computer system events; said system security function operatively and functionally independent of said plurality of computer system resources; a watchdog timer function for independently monitoring the health and operation of said controller and resource management system; said watchdog timer operatively and functionally independent of said plurality of computer system resources; a plurality of bidirectional Input/Output (I/O) interfaces providing a means for direct coupling between a plurality of said controller and resource management systems, said direct coupling operatively and functionally independent of said plurality of computer system resources; a plurality of integral layer-2 media access controllers (MACS); a manager and scheduler function for managing and scheduling the plurality of processes to be performed by said plurality of computer system resources; a priority handler function for evaluating and categorizing said plurality of processes to be performed by said plurality of computer system resources; a configuration and device driver function for configuring and controlling said plurality of computer system resources; a plurality of bidirectional Input/Output (I/O) interfaces for receiving and transmitting data between said plurality of computer system resources; a plurality of bidirectional memory buffers for providing buffing of data for said plurality of bidirectional Input/Output (I/O) interfaces; wherein said event handler comprising at least: an event handler for assigning a type identifier label and security level identifier label to said plurality of computer system events, said event handler comprising; a receiver and buffer for receiving said plurality of computer system events; a type identifier function coupled to said receiver and buffer for identifying the type of said plurality of computer system events and assigning a type identifier label to said plurality of computer system events; a security identifier function coupled to said type identifier function for identifying the security level of said plurality of computer system events and assigning a security level identifier label to said plurality of computer system events; and a routing function coupled to said security identifier function and further coupled to said system security function for routing said plurality of computer system events with their assigned said type identifier label and said security level identifier label to said system security function based on said event handlers determination of said type identifier and said security level identifier for received said plurality of computer system events; wherein said method comprising: a method for receiving, identifying, routing, storing, notifying and alerting said plurality of computer system resources of said plurality of computer system events, wherein said plurality of computer system events are received into said receiver and buffer, said plurality of computer system events are sent to said type identifier function for identifying and labeling the type of said plurality of computer system events, said plurality of computer system events with said type identifier label are then sent to said security identifier function for identifying and labeling the security level of said plurality of computer system events, said plurality of computer system events with said type identifier label and said security level identifier label are routed by said routing function to said system security function based on said type identifier label and said security level identifier label assigned for said plurality of computer system events, said system security function storing said plurality of computer system events with said type identifier label and said security level identifier label and notifying and alerting said plurality of computer system resources of said type and said security level assigned to said plurality of computer system events, and wherein said system security function storing said plurality of computer system events with said type identifier label and said security level identifier label and notifying and alerting said plurality of controller and resource management systems of said type and said security level assigned to said plurality of computer system events, said system security function notifying and alerting said plurality of controller and resource management systems using said plurality of bidirectional Input/Output (I/O) interfaces.
 58. The controller and resource management system of claim 57 wherein said computer system is a wireless communicating device such as a cellphone.
 59. The controller and resource management system of claim 57 wherein said computer system is a portable computer such as a hand-held personal digital assistant (PDA) or laptop personal computer.
 60. The controller and resource management system of claim 57 wherein said computer system is a personal computer.
 61. The controller and resource management system of claim 57 wherein said computer system is a communications server.
 62. In a computer system having a plurality of computer system resources, a controller and resource management system and method for controlling and managing said plurality of computer system resources, and handling a plurality of computer system events, said computer system comprising: said controller and resource management system; said plurality of computer system resources having at least one processor communicably coupled to said controller and resource management system and a plurality of computer system memories communicably and operatively coupled to said controller and resource management system; wherein said plurality of computer system resources are operatively dependent on said controller and resource management system, and wherein said controller and resource management system is operatively and functionally independent of said plurality of computer system resources, said controller and resource management system comprising at least: an event handler for receiving said plurality of computer system events and further assigning a type identifier label and security level identifier label to said plurality of computer system events; a system security function coupled to said event handler for notifying and alerting said plurality of computer system resources of said plurality of computer system events; said system security function operatively and functionally independent of said plurality of computer system resources; a watchdog timer function for independently monitoring the health and operation of said controller and resource management system; said watchdog timer operatively and functionally independent of said plurality of computer system resources; a plurality of bidirectional Input/Output (I/O) interfaces providing a means for direct coupling between a plurality of said controller and resource management systems, said direct coupling operatively and functionally independent of said plurality of computer system resources; a manager and scheduler function for managing and scheduling the plurality of processes to be performed by said plurality of computer system resources; a priority handler function for evaluating and categorizing said plurality of processes to be performed by said plurality of computer system resources; a configuration and device driver function for configuring and controlling said plurality of computer system resources; a plurality of computer system bidirectional Input/Output (I/O) interfaces for coupling said controller and resource management system to said plurality of computer system resources; a plurality of integral layer-2 media access controllers (MACS); a plurality of bidirectional memory buffers for providing buffing of data for said plurality of computer system bidirectional Input/Output (I/O) interfaces; a memory controller hub for coupling said controller and resource management system to said plurality of computer system memories; an Input/Output (I/O) controller hub for coupling said controller and resource management system to said plurality of computer system bidirectional Input/Output (I/O) interfaces; wherein said event handler comprising at least: an event handler for assigning a type identifier label and security level identifier label to said plurality of computer system events, said event handler comprising; a receiver and buffer for receiving said plurality of computer system events; a type identifier function coupled to said receiver and buffer for identifying the type of said plurality of computer system events and assigning a type identifier label to said plurality of computer system events; a security identifier function coupled to said type identifier function for identifying the security level of said plurality of computer system events and assigning a security level identifier label to said plurality of computer system events; and a routing function coupled to said security identifier function and further coupled to said system security function for routing said plurality of computer system events with their assigned said type identifier label and said security level identifier label to said system security function based on said event handlers determination of said type identifier and said security level identifier for received said plurality of computer system events; wherein said method comprising: a method for receiving, identifying, routing, storing, notifying and alerting said plurality of computer system resources of said plurality of computer system events, wherein said plurality of computer system events are received into said receiver and buffer, said plurality of computer system events are sent to said type identifier function for identifying and labeling the type of said plurality of computer system events, said plurality of computer system events with said type identifier label are then sent to said security identifier function for identifying and labeling the security level of said plurality of computer system events, said plurality of computer system events with said type identifier label and said security level identifier label are routed by said routing function to said system security function based on said type identifier label and said security level identifier label assigned for said plurality of computer system events, said system security function storing said plurality of computer system events with said type identifier label and said security level identifier label and notifying and alerting said plurality of computer system resources of said type and said security level assigned to said plurality of computer system events, and wherein said system security function storing said plurality of computer system events with said type identifier label and said security level identifier label and notifying and alerting said plurality of controller and resource management systems of said type and said security level assigned to said plurality of computer system events, said system security function notifying and alerting said plurality of controller and resource management systems using said plurality of bidirectional Input/Output (I/O) interfaces.
 63. The controller and resource management system of claim 62 wherein said computer system is a wireless communicating device such as a cellphone.
 64. The controller and resource management system of claim 62 wherein said computer system is a portable computer such as a hand-held personal digital assistant (PDA) or laptop personal computer.
 65. The controller and resource management system of claim 62 wherein said computer system is a personal computer.
 66. The controller and resource management system of claim 62 wherein said computer system is a communications server.
 67. A controller and resource management system as recited in claim 62 wherein said controller and resource management system is therein implemented in hardware or firmware;
 68. A controller and resource management system as recited in claim 62 wherein said controller and resource management system is therein implemented in hardware or firmware, and wherein said controller and resource management system is electrically isolated from said plurality of computer system resources, including at least said processor;
 69. In a personal computer system having a plurality of personal computer system resources, a controller and resource management system and method for controlling and managing said plurality of personal computer system resources, and handling a plurality of personal computer system events, said personal computer system comprising: said controller and resource management system; said plurality of personal computer system resources comprising at least: one processor communicably coupled to said controller and resource management system; a plurality of personal computer system memories communicably and operatively coupled to said controller and resource management system; user interfaces including at least one keyboard, at least one mouse, at least one audio interface and at least one video interface; at least one disc storage resource; at least one bidirectional serial Input/Output (I/O) interface; networking connections including local area networks (LANs) and wide area networks (WANs), having a plurality of integral layer-2 media access controllers (MACS); wherein said plurality of personal computer system resources are operatively dependent on said controller and resource management system, and wherein said controller and resource management system is operatively and functionally independent of said plurality of personal computer system resources, said controller and resource management system comprising at least: an event handler for receiving said plurality of personal computer system events and further assigning a type identifier label and security level identifier label to said plurality of personal computer system events; a system security function coupled to said event handler for notifying and alerting said plurality of personal computer system resources of said plurality of personal computer system events; said system security function operatively and functionally independent of said plurality of personal computer system resources; a watchdog timer function for independently monitoring the health and operation of said controller and resource management system; said watchdog timer operatively and functionally independent of said plurality of personal computer system resources; a plurality of bidirectional Input/Output (I/O) interfaces providing a means for direct coupling between a plurality of said controller and resource management systems, said direct coupling operatively and functionally independent of said plurality of personal computer system resources; a manager and scheduler function for managing and scheduling the plurality of processes to be performed by said plurality of personal computer system resources; a priority handler function for evaluating and categorizing said plurality of processes to be performed by said plurality of personal computer system resources; a configuration and device driver function for configuring and controlling said plurality of personal computer system resources; a plurality of personal computer system bidirectional Input/Output (I/O) interfaces for coupling said controller and resource management system to said plurality of personal computer system resources; a plurality of bidirectional memory buffers for providing buffing of data for said plurality of personal computer system bidirectional Input/Output (I/O) interfaces; a memory controller hub for coupling said controller and resource management system to said plurality of personal computer system memories; an Input/Output (I/O) controller hub for coupling said controller and resource management system to said plurality of personal computer system bidirectional Input/Output (I/O) interfaces; wherein said event handler comprising at least: an event handler for assigning a type identifier label and security level identifier label to said plurality of personal computer system events, said event handler comprising; a receiver and buffer for receiving said plurality of personal computer system events; a type identifier function coupled to said receiver and buffer for identifying the type of said plurality of personal computer system events and assigning a type identifier label to said plurality of personal computer system events; a security identifier function coupled to said type identifier function for identifying the security level of said plurality of personal computer system events and assigning a security level identifier label to said plurality of personal computer system events; and a routing function coupled to said security identifier function and further coupled to said system security function for routing said plurality of personal computer system events with their assigned said type identifier label and said security level identifier label to said system security function based on said event handlers determination of said type identifier and said security level identifier for received said plurality of personal computer system events; wherein said method comprising: a method for receiving, identifying, routing, storing, notifying and alerting said plurality of personal computer system resources of said plurality of personal computer system events, wherein said plurality of personal computer system events are received into said receiver and buffer, said plurality of personal computer system events are sent to said type identifier function for identifying and labeling the type of said plurality of personal computer system events, said plurality of personal computer system events with said type identifier label are then sent to said security identifier function for identifying and labeling the security level of said plurality of personal computer system events, said plurality of personal computer system events with said type identifier label and said security level identifier label are routed by said routing function to said system security function based on said type identifier label and said security level identifier label assigned for said plurality of personal computer system events, said system security function storing said plurality of personal computer system events with said type identifier label and said security level identifier label and notifying and alerting said plurality of personal computer system resources of said type and said security level assigned to said plurality of personal computer system events, and wherein said system security function storing said plurality of personal computer system events with said type identifier label and said security level identifier label and notifying and alerting said plurality of controller and resource management systems of said type and said security level assigned to said plurality of personal computer system events, said system security function notifying and alerting said plurality of controller and resource management systems using said plurality of bidirectional Input/Output (I/O) interfaces.
 70. In a communications computer system having a plurality of communications computer system resources, a controller and resource management system and method for controlling and managing said plurality of communications computer system resources, and handling a plurality of communications computer system events, said communications computer system comprising: said controller and resource management system; said plurality of communications computer system resources comprising at least: one processor communicably coupled to said controller and resource management system; a plurality of communications computer system memories communicably and operatively coupled to said controller and resource management system; a plurality of bidirectional communications Input/Output (I/O) interfaces; wherein said plurality of communications computer system resources are operatively dependent on said controller and resource management system, and wherein said controller and resource management system is operatively and functionally independent of said plurality of communications computer system resources, said controller and resource management system comprising at least: an event handler for receiving said plurality of communications computer system events and further assigning a type identifier label and security level identifier label to said plurality of communications computer system events; a system security function coupled to said event handler for notifying and alerting said plurality of communications computer system resources of said plurality of communications computer system events; said system security function operatively and functionally independent of said plurality of communications computer system resources; a watchdog timer function for independently monitoring the health and operation of said controller and resource management system; said watchdog timer operatively and functionally independent of said plurality of communications computer system resources; a plurality of bidirectional Input/Output (I/O) interfaces providing a means for direct coupling between a plurality of said controller and resource management systems, said direct coupling operatively and functionally independent of said plurality of communications computer system resources; a manager and scheduler function for managing and scheduling the plurality of processes to be performed by said plurality of communications computer system resources; a priority handler function for evaluating and categorizing said plurality of processes to be performed by said plurality of communications computer system resources; a configuration and device driver function for configuring and controlling said plurality of communications computer system resources; a plurality of communications computer system bidirectional Input/Output (I/O) interfaces for coupling said controller and resource management system to said plurality of communications computer system resources; a plurality of integral layer-2 media access controllers (MACS); a plurality of bidirectional memory buffers for providing buffing of data for said plurality of communications computer system bidirectional Input/Output (I/O) interfaces; a memory controller hub for coupling said controller and resource management system to said plurality of communications computer system memories; an Input/Output (I/O) controller hub for coupling said controller and resource management system to said plurality of communications computer system bidirectional Input/Output (I/O) interfaces; wherein said event handler comprising at least: an event handler for assigning a type identifier label and security level identifier label to said plurality of communications computer system events, said event handler comprising; a receiver and buffer for receiving said plurality of communications computer system events; a type identifier function coupled to said receiver and buffer for identifying the type of said plurality of communications computer system events and assigning a type identifier label to said plurality of communications computer system events; a security identifier function coupled to said type identifier function for identifying the security level of said plurality of communications computer system events and assigning a security level identifier label to said plurality of communications computer system events; and a routing function coupled to said security identifier function and further coupled to said system security function for routing said plurality of communications computer system events with their assigned said type identifier label and said security level identifier label to said system security function based on said event handlers determination of said type identifier and said security level identifier for received said plurality of communications computer system events; wherein said method comprising: a method for receiving, identifying, routing, storing, notifying and alerting said plurality of communications computer system resources of said plurality of communications computer system events, wherein said plurality of communications computer system events are received into said receiver and buffer, said plurality of communications computer system events are sent to said type identifier function for identifying and labeling the type of said plurality of communications computer system events, said plurality of communications computer system events with said type identifier label are then sent to said security identifier function for identifying and labeling the security level of said plurality of communications computer system events, said plurality of communications computer system events with said type identifier label and said security level identifier label are routed by said routing function to said system security function based on said type identifier label and said security level identifier label assigned for said plurality of communications computer system events, said system security function storing said plurality of communications computer system events with said type identifier label and said security level identifier label and notifying and alerting said plurality of communications computer system resources of said type and said security level assigned to said plurality of communications computer system events, and wherein said system security function storing said plurality of communications computer system events with said type identifier label and said security level identifier label and notifying and alerting said plurality of controller and resource management systems of said type and said security level assigned to said plurality of communications computer system events, said system security function notifying and alerting said plurality of controller and resource management systems using said plurality of bidirectional Input/Output (I/O) interfaces.
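
The receive, label, route, store and alert sequence recited in claims 57, 62, 69 and 70 can be pictured with the following added C sketch, which is not part of the patent or of any implementation by its author. All identifiers, the label values, the source codes, the fail-closed labelling rule and the one-byte peer alert format are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Every name, label value and classification rule here is an assumption
   made for illustration; the claims do not define them. */
enum ev_type  { EV_UNKNOWN, EV_IO, EV_MEMORY, EV_NETWORK };  /* type label */
enum ev_level { LVL_HIGH, LVL_LOW };  /* zero value is the restrictive one */

struct event {
    uint8_t source;      /* constructed code: 1 I/O, 2 memory, 3 network MAC */
    uint8_t authorized;  /* constructed flag: 1 if the access was expected */
    enum ev_type type;
    enum ev_level level;
};

#define QLEN 8
struct carms {
    struct event rx[QLEN];   /* receiver and buffer (ring) */
    size_t head, count;
    struct event log[QLEN];  /* system security store, newest QLEN kept */
    uint8_t peer_tx[QLEN];   /* alerts queued for peer controllers */
    size_t stored, resource_alerts, dropped;
};

/* Receiver: a full buffer rejects and counts the event, so loss is visible
   instead of silently overwriting events that were never labelled. */
int carms_receive(struct carms *c, uint8_t source, uint8_t authorized) {
    if (c->count == QLEN) { c->dropped++; return -1; }
    struct event e = { source, authorized, EV_UNKNOWN, LVL_HIGH };
    c->rx[(c->head + c->count) % QLEN] = e;
    c->count++;
    return 0;
}

static enum ev_type identify_type(const struct event *e) {
    switch (e->source) {
    case 1:  return EV_IO;
    case 2:  return EV_MEMORY;
    case 3:  return EV_NETWORK;
    default: return EV_UNKNOWN;
    }
}

/* Fail closed: an unrecognised or unauthorized event is labelled high. */
static enum ev_level identify_level(const struct event *e) {
    return (e->type == EV_UNKNOWN || !e->authorized) ? LVL_HIGH : LVL_LOW;
}

/* System security function: store the labelled event, alert local
   resources, and queue a one-byte (type << 4 | level) alert for peers. */
static void security_function(struct carms *c, const struct event *e) {
    size_t slot = c->stored++ % QLEN;
    c->log[slot] = *e;
    c->peer_tx[slot] = (uint8_t)((e->type << 4) | e->level);
    c->resource_alerts++;
}

/* Routing: label type first, then security level, then hand over. */
size_t carms_drain(struct carms *c) {
    size_t routed = 0;
    while (c->count > 0) {
        struct event e = c->rx[c->head];
        c->head = (c->head + 1) % QLEN;
        c->count--;
        e.type = identify_type(&e);
        e.level = identify_level(&e);
        security_function(c, &e);
        routed++;
    }
    return routed;
}

int main(void) {
    struct carms c = {0};
    carms_receive(&c, 1, 1);  /* constructed: expected I/O event */
    carms_receive(&c, 3, 0);  /* constructed: unexpected network event */
    carms_receive(&c, 9, 1);  /* constructed: unknown source code */
    printf("routed=%zu\n", carms_drain(&c));
    for (size_t i = 0; i < c.stored; i++)
        printf("type=%d level=%d\n", c.log[i].type, c.log[i].level);
    return 0;
}
```

The two points worth checking in any real design of this kind are the ones the sketch makes explicit: what happens to events when the receive buffer is full, and which label an event gets when the type identifier does not recognise it.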